Abstract

We combine constrained literals for model representation with key concepts from first-order superposition and propositional conflict-driven clause learning (CDCL) to create the new calculus Non-Redundant Clause Learning (NRCL) deciding the Bernays-Schönfinkel fragment. Our calculus uses first-order literals constrained by disequations between tuples of terms for compact model representation. From superposition, NRCL inherits the abstract redundancy criterion and the monotone model operator. CDCL adds the dynamic, conflict-driven search for an atom ordering inducing a model. As a result, in NRCL a false clause can be found effectively modulo the current model candidate. It guides the derivation of a first-order ordered resolvent that is never redundant. Similar to 1UIP-learning in CDCL, the learned resolvent induces backtracking and, by blocking the previous conflict state via propagation, it enforces progress towards finding a model or a refutation. The non-redundancy result also implies that only finitely many clauses can be generated by NRCL on the Bernays-Schönfinkel fragment, which serves as an argument for termination.


1 Introduction

The Bernays-Schönfinkel fragment, also called Effectively Propositional Logic, or BS (or EPR) for short, is an important fragment of classical first-order logic, where only constants are allowed as function symbols in the clause normal form.

This decidable and NEXPTIME-complete fragment has many applications, including knowledge representation [19] and ontological reasoning [38], hardware verification [...], logic programming [...], and planning [32].

Over the years a number of calculi have attempted to provide an efficient solution for BS problems. These approaches range from the early SEM and Mace systems [35] to the recent state-of-the-art solvers like iProver [...] and Darwin [7], but even general purpose first-order theorem provers provide specialized techniques for BS problems, like generalisation in Vampire [...], or specialized splitting techniques for SPASS introduced in [13] and [...].




In this paper, we introduce a new calculus for solving BS problems with iterative model building. Our approach builds first-order candidate models instead of approximations, uses constrained literals for model representation, and learns new non-redundant clauses to guide the search.

Our calculus, called NRCL or Non-Redundant Clause Learning, shares many principles with propositional SAT solving and superposition. For a detailed introduction to conflict-driven clause learning (CDCL), see the early article [55], or the more recent handbook [...]. The interested reader can get a thorough overview of superposition in the articles [...].

Compared to the existing approaches, we use a more expressive and implicit constraint language, our search is guided by backjumping and learning non-redundant clauses, and our model representation is more compact, in general. In addition, compared to all existing approaches, we can prove that all our learned clauses are non-redundant and this way, for the first time, establish a calculus that combines the search with respect to a dynamically changing (partial) model with an overall notion of redundancy. For a more detailed comparison, see Section 9.

In the rest of the paper, we first introduce some basic definitions and notions in Section 2, followed by a description of our calculus in Section 3. Section 4 establishes its soundness, while, after introducing some regularity conditions in Section 5, we provide our key result, namely non-redundant clause learning, in Section 6. We then prove termination in Section 7.

In Section 8, we specify some details on handling constraints and basic heuristics for a future implementation. We compare our calculus to the existing literature in more detail in Section 9. Finally, Section 10 provides a summary and outlines future work.


2 Preliminaries

2.1 Basic Definitions

We assume the reader is familiar with first-order logic, its syntax, and its semantics. In particular, we handle the Bernays-Schönfinkel fragment, or BS for short. In this fragment the only functions allowed in the clause normal form are finitely many constants. We denote the finite signature by $\Sigma$, the set of predicate symbols by $\mathrm{Pr}$, and call the finite set of constants the domain, denoted by $\mathcal{D}$.

We denote the set of all first-order atoms over a signature $\Sigma$ and a possibly infinite set of variables $X$ by $A_\Sigma(X)$. In particular, the set of ground atoms is denoted by $A_\Sigma$, a short-hand for $A_\Sigma(\emptyset)$. For a literal $L$, $|L|$ denotes the atom contained in $L$. In general, we denote the ground instances of an expression $e$ (a term, literal, or clause) over the domain $\mathcal{D}$ by $\mathrm{gnd}(e)$.

W.l.o.g., we assume that independent expressions are variable disjoint, and we call a variable fresh if it does not occur in any expression (e.g. clause or clause set) of the current context.

We consider substitutions in the usual way. For a substitution $\sigma$, $\mathrm{dom}(\sigma)$ denotes the domain of $\sigma$, i.e. the finite set of variables $x$ with $x \neq x\sigma$, and $\mathrm{rng}(\sigma)$ denotes the range of $\sigma$, i.e. the image of $\mathrm{dom}(\sigma)$ under $\sigma$.

We assume the reader is familiar with most general unifiers, and $\mathrm{mgu}$ denotes the result of unifying two or more expressions or substitutions. We use the short-hand $\exists\sigma = \mathrm{mgu}(e_1, e_2)$ both to state the existence of a most general unifier and to bind $\sigma$ to one such substitution.

For expressions or substitutions $e_1, e_2$, we say that $e_2$ can be matched against $e_1$, i.e. $e_2$ is more general than $e_1$ and $e_1$ is an instance of $e_2$, and write $e_1 \geq e_2$, if and only if there is a substitution $\sigma$ such that $e_1 = e_2\sigma$.

We represent a first-order interpretation $I$ by the set $\{A \in A_\Sigma \mid I \models A\}$. Satisfiability and semantic consequence are defined as usual.

In particular, we consider the problem of deciding whether a finite clause set $N$ over a BS language $\Sigma$ without equality is satisfiable. This problem is known to be NEXPTIME-complete [25].

2.2 Constraints and Constrained Literals

Next, we provide details about the constraint language we use. Our constraints are equivalent to implicit generalizations, a constraint language for representing terms and models with exceptions. It has applications in inductive learning, logic programming and term rewriting. For more details see e.g. [...].

The name dismatching constraints was chosen in the spirit of iProver [...], although for our purposes checking satisfiability has to be carried out over the ground instances and thus, the linear-time algorithm of iProver based on matching is not applicable.

While implicit generalizations maintain a list of literals with fresh variables representing exceptions for the constrained literal, dismatching constraints extract the arguments of the literals and represent the restrictions as conjunctions of disequations, which allows more simplification and a more compact representation. In particular, we maintain a strict normal form, which already assumes most inexpensive simplifications.

We chose dismatching constraints for a balance between expressiveness and simplicity, for the existing literature, and for compactness. However, NRCL is compatible with any constraint language allowing the operations discussed in the next subsection.

Definition 2.1 (Dismatching Constraint) A dismatching constraint $\pi$ is of the form

$$\bigwedge_{i \in I} s_i \neq t_i$$

where $I$ is a finite set of indices, and for each $i \in I$, $s_i$ and $t_i$ are tuples of terms of the same dimension.

Furthermore, we assume that all the left-hand side variables in $\pi$ differ from any right-hand side variable, and for each $i, j \in I$, $t_i$ and $t_j$ are variable disjoint whenever $i$ differs from $j$.

We further extend the set of constraints with the constants $\top$ and $\bot$ representing the tautological and the unsatisfiable constraint, respectively.

Finally, an atomic constraint $s \neq t$ occurring in $\pi$ is also called a subconstraint of $\pi$.

To enforce a normal form, we make further assumptions below.

Definition 2.2 (Normal Form) We say a constraint $\pi = \bigwedge_{i \in I} s_i \neq t_i$ is in normal form iff the following conditions hold:

(C1) each $s_i$ contains only variables

(C2) no variable occurs more than once in any left-hand side $s_i$

A simple consequence of the normal form is that the two sides of any subconstraint $s \neq t$ are always unifiable, and the induced substitution $\{s \leftarrow t\}$ is always well-defined and matches the left-hand side against the right-hand side.

Definition 2.3 (Induced Substitutions) The set of induced substitutions of a dismatching constraint $\pi$ in normal form is the set

$$\{\{s_i \leftarrow t_i\} \mid i \in I\}$$

if $\pi = \bigwedge_{i \in I} s_i \neq t_i$. For $\bot$, we define it as the set containing only the identity, and for $\top$ as the empty set.

We define $\mathrm{lvar}(\pi)$ and $\mathrm{rvar}(\pi)$ as the sets of left-hand side and right-hand side variables of a dismatching constraint $\pi$, respectively. Then the semantics of our constraints is given as below.

Definition 2.4 A solution of a constraint $\pi$ over some variable set $V$, which contains $\mathrm{lvar}(\pi)$ but no variable from $\mathrm{rvar}(\pi)$, is a ground substitution $\delta : V \to \mathcal{D}$ such that no $t_i$ can be matched against the respective $s_i\delta$, i.e. no $s_i\delta$ is an instance of the respective $t_i$.

In particular, if $\pi = \top$, any such grounding substitution is a solution, and $\pi = \bot$ has no solution at all.

As usual, $\pi$ is called satisfiable or unsatisfiable if it has a solution or no solution, respectively. We note that the notion of satisfiability depends only on $\mathrm{lvar}(\pi)$.

Example 2.5 Consider the domain $\mathcal{D} = \{a, b\}$ and the constraint

$$\pi = (x, y) \neq (v, v) \wedge y \neq a$$

Then $\pi$ is satisfiable and the ground substitution $\delta = \{x \leftarrow a, y \leftarrow b\}$ is the only solution of $\pi$ (over $V = \{x, y\}$), since $y$ can only be $b$ and the first subconstraint expresses $x \neq y$.

Remark 2.6 It can be shown that a ground substitution $\delta : V \to \mathcal{D}$ with $\mathrm{lvar}(\pi) \subseteq V$ is not a solution of $\pi$ if and only if there is an induced substitution $\sigma$ which is more general than $\delta$, i.e. $\delta \geq \sigma$.

Definition 2.7 Let $\pi$ and $\pi'$ denote constraints for which both

• $\mathrm{lvar}(\pi) \cap \mathrm{rvar}(\pi') = \emptyset$, and

• $\mathrm{lvar}(\pi') \cap \mathrm{rvar}(\pi) = \emptyset$

hold. Such constraints are called equivalent iff their sets of solutions coincide for any $V$ such that $\mathrm{lvar}(\pi) \cup \mathrm{lvar}(\pi') \subseteq V$, and both $V \cap \mathrm{rvar}(\pi) = \emptyset$ and $V \cap \mathrm{rvar}(\pi') = \emptyset$.
Normal Form Transformation

Next, we show that any dismatching constraint of the form $\bigwedge_{i \in I} s_i \neq t_i$ can be normalized in polynomial time. This can be achieved with the rule set below, given as rewriting rules over the subconstraints.

1. $(s_1, a, s_2) \neq (t_1, a, t_2) \Rightarrow (s_1, s_2) \neq (t_1, t_2)$, where $a \in \mathcal{D}$

2. $(s_1, a, s_2) \neq (t_1, b, t_2) \Rightarrow \top$, where $a \neq b \in \mathcal{D}$

3. $(s_1, a, s_2) \neq (t_1, x, t_2) \Rightarrow (s_1, s_2) \neq (t_1, t_2)\sigma$, where $a \in \mathcal{D}$ and $\sigma = \{x \leftarrow a\}$

4. $() \neq () \Rightarrow \bot$

5. $(s_1, x, s_2, x, s_3) \neq (t_1, r_1, t_2, r_2, t_3) \Rightarrow (s_1, x, s_2, s_3) \neq (t_1, r_1, t_2, t_3)\sigma$, if $\exists\sigma = \mathrm{mgu}(r_1, r_2)$

6. $(s_1, x, s_2, x, s_3) \neq (t_1, r_1, t_2, r_2, t_3) \Rightarrow \top$, if $\nexists\,\mathrm{mgu}(r_1, r_2)$

7. $s \neq t \Rightarrow \bot$, if $t$ can be matched against $s$

8. $(s_1, s_2) \neq (t_1, t_2) \Rightarrow s_1 \neq t_1$, if $\mathrm{var}(t_1) \cap \mathrm{var}(t_2) = \emptyset$, and $t_2$ can be matched against $s_2$

where the last rule is considered modulo permutations of positions corresponding to the $(s_1, s_2)$-partitionings.

Example 2.8 Let us normalize the following constraint:

$$(x, a, y, x) \neq (b, v, w, w) \wedge (x, a, y, x) \neq (v_0, v_0, u_0, w_0)$$

For the first subconstraint we get

$$(x, a, y, x) \neq (b, v, w, w) \Rightarrow (x, y, x) \neq (b, w, w) \Rightarrow (x, y) \neq (b, b)$$

and for the second one

$$(x, a, y, x) \neq (v_0, v_0, u_0, w_0) \Rightarrow (x, a, y) \neq (v_0, v_0, u_0) \Rightarrow (x, y) \neq (a, u_0) \Rightarrow x \neq a$$

Thus, the normalized constraint is

$$(x, y) \neq (b, b) \wedge x \neq a$$

Applying these rules together with the usual rules for conjunction and the constants $\bot$, $\top$

1. preserves the variable disjointness conditions of Definition 2.1,

2. preserves solutions, i.e. the left-hand side and right-hand side constraints are equivalent, and

3. transforms $\pi$ into normal form in polynomial time.

We note that rules (7) and (8) are optional, and that (7) is a special case of (8).

Therefore, w.l.o.g. we assume that the constraints are always in normal form, and that the result of any operation is transformed into normal form without explicitly expressing it. We also express this by using the notation $\bigwedge_{i \in I} x_i \neq t_i$ for dismatching constraints in the rest of the paper.
Constrained Literals

Next, we define literals constrained with dismatching constraints in normal form, and give their semantics as sets of ground literals.

Definition 2.9 (Constrained Literal) We call the pair $(L; \pi)$ of a literal $L$ and a dismatching constraint $\pi$ such that both $\mathrm{lvar}(\pi) \subseteq \mathrm{var}(L)$ and $\mathrm{rvar}(\pi) \cap \mathrm{var}(L) = \emptyset$ hold a constrained literal.

The semantics of constrained literals is given by the following definition of the set of covered literals:

$$\mathrm{gnd}(L; \pi) = \{L\delta \mid \delta : \mathrm{var}(L) \to \mathcal{D} \text{ s.t. } \forall i \in I : \nexists\,\mathrm{mgu}(x_i\delta, t_i)\}$$

where $\pi = \bigwedge_{i \in I} x_i \neq t_i$. A ground literal $L'$ is covered by a constrained literal $(L; \pi)$ iff $L' \in \mathrm{gnd}(L; \pi)$.

We say that a constrained literal $(L; \pi)$ is empty if it covers no ground literals, i.e. $\mathrm{gnd}(L; \pi)$ is empty.

It is easy to see that $(L; \pi)$ is empty if and only if $\pi$ is unsatisfiable, and that given a solution $\delta$ of $\pi$ over $\mathrm{lvar}(\pi)$, for any extension $\delta'$ of $\delta$ to $\mathrm{var}(L)$, $L\delta' \in \mathrm{gnd}(L; \pi)$ holds.

Example 2.10 Let $(L; \pi) = (P(x, y);\ (x, y) \neq (v, v) \wedge x \neq a \wedge y \neq b)$. Then the set of covered literals over the domain $\mathcal{D}_2 = \{a, b\}$ is

$$\mathrm{gnd}(L; \pi) = \{P(b, a)\}$$

and if we take $\mathcal{D}_3 = \{a, b, c\}$ instead, it is

$$\mathrm{gnd}(L; \pi) = \{P(b, a), P(c, a), P(b, c)\}$$
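The normal form rules of Section 2.2 and the covered-literal semantics of Definition 2.9, as an added Python example that is not part of the original paper. Constants are the strings listed in DOMAIN (an assumption of this example; every other string is a variable), a subconstraint $s \neq t$ is a pair of equally long tuples, and a constraint is a list of subconstraints. normalize applies rules 1-6 and rule 8 (rule 7 arises as the special case of 8 in which every position is dropped); solutions and covered implement Definition 2.4 and $\mathrm{gnd}(L;\pi)$ by plain enumeration over the domain, which is the brute-force baseline for the emptiness check discussed in the next subsection. The examples at the bottom reproduce Example 2.8 and Example 2.10.

```python
"""Dismatching constraints: normal form rewriting (rules 1-8) and covered literals.

A constraint is a list of (s, t) pairs; [] is the tautological constraint TOP
and None stands for the unsatisfiable constraint BOT.
"""
from itertools import product

DOMAIN = ("a", "b", "c")        # assumption: the finite domain D_3 = {a, b, c}


def is_var(term):
    return term not in DOMAIN


def mgu_terms(r1, r2):
    """mgu of two BS terms (each a variable or a constant); None if none exists."""
    if r1 == r2:
        return {}
    if is_var(r1):
        return {r1: r2}
    if is_var(r2):
        return {r2: r1}
    return None


def normalize_sub(s, t):
    """Rewrite one subconstraint s != t until no rule applies.
    Returns the rewritten (s, t), "TOP" (trivially true) or "BOT" (unsatisfiable)."""
    s, t = list(s), list(t)
    while True:
        # rules 1-3: a constant a on the left-hand side
        k = next((i for i, x in enumerate(s) if not is_var(x)), None)
        if k is not None:
            a, r = s.pop(k), t.pop(k)
            if is_var(r):                          # rule 3: bind r <- a on the right
                t = [a if u == r else u for u in t]
            elif r != a:                           # rule 2: a != b always holds
                return "TOP"
            continue                               # rule 1: a != a is dropped
        # rules 5-6: a left-hand side variable x occurring twice
        dup = next(((i, j) for j in range(len(s)) for i in range(j) if s[i] == s[j]), None)
        if dup is not None:
            i, j = dup
            sigma = mgu_terms(t[i], t[j])
            if sigma is None:                      # rule 6: x cannot equal both sides
                return "TOP"
            s.pop(j); t.pop(j)                     # rule 5: merge the two positions
            t = [sigma.get(u, u) for u in t]
            continue
        # rule 8: a right-hand side variable occurring exactly once is matched by
        # the (distinct) left-hand side variable at its position, so drop it
        keep = [i for i, u in enumerate(t) if not (is_var(u) and t.count(u) == 1)]
        if len(keep) < len(s):
            s, t = [s[i] for i in keep], [t[i] for i in keep]
            continue
        if not s:                                  # rule 4: () != () is unsatisfiable
            return "BOT"
        return tuple(s), tuple(t)


def normalize(pi):
    """Normalize a conjunction of subconstraints (Definition 2.2)."""
    result = []
    for s, t in pi:
        sub = normalize_sub(s, t)
        if sub == "BOT":
            return None
        if sub != "TOP" and sub not in result:
            result.append(sub)
    return result


def violated(values, t):
    """True iff the ground tuple `values` is an instance of t, i.e. t can be
    matched against it and the subconstraint s != t is false (Definition 2.4)."""
    binding = {}
    for c, term in zip(values, t):
        if not is_var(term):
            if term != c:
                return False
        elif binding.setdefault(term, c) != c:
            return False
    return True


def solutions(pi, variables, domain=DOMAIN):
    """All solutions of pi over `variables` (which must contain lvar(pi))."""
    if pi is None:
        return []
    found = []
    for values in product(domain, repeat=len(variables)):
        delta = dict(zip(variables, values))
        if all(not violated(tuple(delta[x] for x in s), t) for s, t in pi):
            found.append(delta)
    return found


def covered(args, pi, domain=DOMAIN):
    """gnd(L;pi): the ground argument tuples covered by the literal L(args)."""
    variables = tuple(dict.fromkeys(x for x in args if is_var(x)))
    return {tuple(d.get(x, x) for x in args) for d in solutions(pi, variables, domain)}


if __name__ == "__main__":
    example_2_8 = [(("x", "a", "y", "x"), ("b", "v", "w", "w")),
                   (("x", "a", "y", "x"), ("v0", "v0", "u0", "w0"))]
    print(normalize(example_2_8))               # [(('x', 'y'), ('b', 'b')), (('x',), ('a',))]
    example_2_10 = [(("x", "y"), ("v", "v")), (("x",), ("a",)), (("y",), ("b",))]
    print(sorted(covered(("x", "y"), example_2_10)))   # [('b', 'a'), ('b', 'c'), ('c', 'a')]
```

The rewriting loop checks rules 1-3 before rules 5-6, and rules 5-6 before rule 8, so rule 8 only ever sees a left-hand side of pairwise distinct variables, which is what makes the single-occurrence test a faithful instance of the matching condition in rule 8.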

In the rest of the paper we make some further assumptions, as is common in automated reasoning:

1. Different constrained literals are variable disjoint, unless stated otherwise.

2. Apart from normal form transformations, for any substitution $\sigma$ applied to a constrained literal $(L; \pi)$, the following always hold unless stated otherwise:

• $\mathrm{dom}(\sigma) \cap \mathrm{rvar}(\pi) = \emptyset$

• $\mathrm{var}(\mathrm{rng}(\sigma)) \cap \mathrm{rvar}(\pi) = \emptyset$

Constrained Clauses

Occasionally, we have to represent a collection of ground clauses by a constrained clause $(C; \pi)$. Extending the notations and semantics for constrained literals to constrained clauses is straightforward.

Furthermore, we use the notation $(C; \sigma; \pi)$ for the constrained clause $(C\sigma; \pi)$ whenever we wish to syntactically distinguish $C$ and $\sigma$.

We only note that while resolving away literals from $C$, we might reach a state where $\mathrm{lvar}(\pi)$ contains variables not occurring in $C$. See the constrained unit clause

$$(P(y, z);\ (x, y) \neq (v, v) \wedge (x, z) \neq (w, w))$$

from Example 8.1 for a demonstration.

For semantic purposes, these free variables are considered existential variables. We assume that such variables are eliminated through instantiation; see Section 8 for further details.

2.3 Operations on Constrained Literals

In the context of our calculus, three operations are of significance: conjunction, difference, and checking whether a constrained literal is empty.

In the literature, checking emptiness also relates to sufficient completeness and negation elimination, and it is known to be a co-NP-complete problem [24] in the case of finitely many function symbols and an infinite Herbrand universe.

This complexity result also holds for our setting: one might take a binary domain with true and false; then each atomic constraint with a constant right-hand side can be seen as a clause over the left-hand side variables as propositional variables, and the emptiness of the whole constraint is the unsatisfiability of this clause set.

In this section, we propose an enumeration-based algorithm to test emptiness as an alternative to relying on external CSP and CDCL solvers.

Conjunction

For two constrained literals $(L_1; \pi_1)$, $(L_2; \pi_2)$ with the same polarity and predicate symbol, we look for a constrained literal $(L; \pi)$ for which

$$\mathrm{gnd}(L; \pi) = \mathrm{gnd}(L_1; \pi_1) \cap \mathrm{gnd}(L_2; \pi_2)$$

holds. If the two literals are unifiable, such a literal exists. Otherwise, any empty constrained literal can be chosen.

Definition 2.11 (Conjunction) We define and denote the conjunction of two constrained literals $(L_1; \pi_1)$, $(L_2; \pi_2)$ as

$$(L_1; \pi_1) \wedge (L_2; \pi_2) = (L_1\sigma;\ \pi_1\sigma \wedge \pi_2\sigma)$$

if $\exists\sigma = \mathrm{mgu}(L_1, L_2)$. If the literals are not unifiable, we define it as the empty constrained literal $(L_1; \bot)$.

This definition is sound, i.e.

Lemma 2.12 For any unifiable constrained literals $(L_1; \pi_1)$, $(L_2; \pi_2)$,

$$\mathrm{gnd}(L_1; \pi_1) \cap \mathrm{gnd}(L_2; \pi_2) = \mathrm{gnd}(L_1\sigma;\ \pi_1\sigma \wedge \pi_2\sigma)$$

holds, where $\sigma = \mathrm{mgu}(L_1, L_2)$.

Proof:

($\subseteq$): Consider a ground literal from $\mathrm{gnd}(L_1; \pi_1) \cap \mathrm{gnd}(L_2; \pi_2)$, and w.l.o.g. assume it has the form $L_1\delta$. Then $L_1\delta \geq L_i$ holds for both $i = 1, 2$. Thus, $\delta = \sigma\epsilon$ for some substitution $\epsilon$. Since $L_1\delta \in \mathrm{gnd}(L_i; \pi_i)$, $\pi_i\sigma\epsilon$ must be true ($i = 1, 2$). But then $L_1\delta \geq L_1\sigma$, and $L_1\delta = (L_1\sigma)\epsilon \in \mathrm{gnd}(L_1\sigma;\ \pi_1\sigma \wedge \pi_2\sigma)$ both hold.

($\supseteq$): Now, assume that $(L_1\sigma)\epsilon$ is a literal from $\mathrm{gnd}(L_1\sigma;\ \pi_1\sigma \wedge \pi_2\sigma)$. Then, since $\sigma$ is the most general unifier, we know that $L_i\sigma\epsilon \geq L_i$ holds for both $i = 1, 2$. Furthermore, $\pi_i\sigma\epsilon$ is true ($i = 1, 2$), and thus $L_1\sigma\epsilon \in \mathrm{gnd}(L_1; \pi_1)$ and $L_1\sigma\epsilon = L_2\sigma\epsilon \in \mathrm{gnd}(L_2; \pi_2)$. Qed.

We note that the case when no unifier exists is trivial.

Example 2.13 Consider the following constrained literals

• $(L; \pi) = (P(x, y);\ (x, y) \neq (v, v) \wedge x \neq a \wedge y \neq b)$

• $(L'; \pi') = (P(z, a);\ z \neq b)$

Then according to the definition above

$$(L; \pi) \wedge (L'; \pi') = (P(z, a);\ (z, a) \neq (v, v) \wedge z \neq a \wedge a \neq b \wedge z \neq b)$$

which can be simplified to

$$(P(z, a);\ z \neq a \wedge z \neq b)$$

This expression is empty over $\mathcal{D}_2 = \{a, b\}$, and covers exactly the atom $P(c, a)$ over $\mathcal{D}_3 = \{a, b, c\}$.

Difference

The difference, or relative difference, $(L; \pi)$ of two constrained literals $(L_1; \pi_1)$, $(L_2; \pi_2)$ satisfies

$$\mathrm{gnd}(L; \pi) = \mathrm{gnd}(L_1; \pi_1) - \mathrm{gnd}(L_2; \pi_2)$$

Again, if the two literals are unifiable, such a $\pi$ exists for any finite domain; in the worst case we just add ground constraints to rule out the disallowed atoms. However, this operation might increase the size of $\pi$ exponentially, as demonstrated by the example below.

Example 2.14 Consider the difference

$$(L(x_1, x_2, x_3); \top) - (L(x_1, x_2, x_3);\ \bigwedge_{i=1}^{3} x_i \neq a)$$

where $\mathrm{arity}(L) = 3$. If $\mathcal{D}_2 = \{a, b\}$, we might get the still simple expression

$$(L(x_1, x_2, x_3);\ (x_1, x_2, x_3) \neq (b, b, b))$$

However, if $\mathcal{D}_3 = \{a, b, c\}$, the best we can get is

$$(L(x_1, x_2, x_3);\ (x_1, x_2, x_3) \neq (b, b, b) \wedge (x_1, x_2, x_3) \neq (c, b, b) \wedge \cdots \wedge (x_1, x_2, x_3) \neq (c, c, c))$$

It is easy to see that in general, if $|\mathcal{D}| = n$ with $a \in \mathcal{D}$, and $\mathrm{arity}(L) = r$, the size of the resulting constraint is $O((n-1)^r)$.

Alternatively, one might take a set of disjoint constrained literals describing the difference as follows. First, take the simpler case when $L_1$ and $L_2$ are the same literal $L$, and consider the difference $(L; \pi_1) - (L; \pi_2)$. Assume $\pi_1 = \bigwedge_{i \in I_1} \nu_i$, $\pi_2 = \bigwedge_{i \in I_2} \eta_i$, and $\{\sigma_i \mid i \in I_2\}$ is the set of induced substitutions of $\pi_2$. Then the set of constrained literals

$$\{(L\sigma_i;\ \pi_1\sigma_i) \mid i \in I_2\}$$

describes the difference, i.e.

Lemma 2.15

$$\bigcup_{i \in I_2} \mathrm{gnd}(L\sigma_i;\ \pi_1\sigma_i) = \mathrm{gnd}(L; \pi_1) - \mathrm{gnd}(L; \pi_2)$$

Proof:

($\supseteq$): Assume $L\delta \in (\mathrm{gnd}(L; \pi_1) - \mathrm{gnd}(L; \pi_2))$. Since $L\delta \notin \mathrm{gnd}(L; \pi_2)$, a subconstraint $\eta_i$ of $\pi_2$ must be violated, i.e. for some $i \in I_2$, $\eta_i\delta = \bot$. Then, by Remark 2.6, $\delta \geq \sigma_i$ where $\sigma_i$ is the corresponding induced substitution. Thus, $\delta = \sigma_i\xi$ for some substitution $\xi$. Finally, since $\pi_1\delta = (\pi_1\sigma_i)\xi$, $L\delta \in \mathrm{gnd}(L\sigma_i;\ \pi_1\sigma_i)$ must hold.

($\subseteq$): Now, assume $(L\sigma_i)\xi \in \mathrm{gnd}(L\sigma_i;\ \pi_1\sigma_i)$ for some $i \in I_2$ and grounding substitution $\xi$. Then, we know that $\pi_1\sigma_i\xi = \top$, and that $\pi_2\sigma_i\xi = \bot$ since $\eta_i\sigma_i\xi = \bot$. Thus, $L\sigma_i\xi \in (\mathrm{gnd}(L; \pi_1) - \mathrm{gnd}(L; \pi_2))$. Qed.

However, this set is not pairwise disjoint, and therefore a further step is needed for our purposes.

Lemma 2.16 W.l.o.g. assume $I_2 = \{1, \ldots, l\}$, and take

$$\{(L\sigma_i;\ \pi_1\sigma_i \wedge \eta_1\sigma_i \wedge \eta_2\sigma_i \wedge \cdots \wedge \eta_{i-1}\sigma_i) \mid i = 1, \ldots, l\}$$

Then this set still describes the difference and its elements are pairwise disjoint.

Proof: We only prove one inclusion, as the other direction is analogous to the first proof, and disjointness trivially follows from the definition of the set.

($\supseteq$): Assume $L\delta$ is a ground literal from the difference. Thus, $\pi_1\delta = \top$ and $\eta_i\delta = \bot$ for at least one $i \in I_2$. Let $i$ be the smallest (left-most) such index. Then $\delta \geq \sigma_i$ must hold along with $\eta_j\delta = \top$ for each $j < i$ from $I_2$. Thus, $L\delta \in \mathrm{gnd}(L\sigma_i;\ \pi_1\sigma_i \wedge \eta_1\sigma_i \wedge \eta_2\sigma_i \wedge \cdots \wedge \eta_{i-1}\sigma_i)$. Qed.

We also note that the above manipulations preserve the variable disjointness of the left-hand and right-hand sides.

Example 2.17 Carrying on with Example 2.14 above, we have $I_2 = \{1, 2, 3\}$, $\eta_i : x_i \neq a$ and $\sigma_i = \{x_i \leftarrow a\}$, which gives

$$\{(L(a, x_2, x_3); \top),\ (L(x_1, a, x_3);\ x_1 \neq a),\ (L(x_1, x_2, a);\ x_1 \neq a \wedge x_2 \neq a)\}$$

as a result.
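Definition 2.11 (Example 2.13) and Lemma 2.16 (Example 2.17) as an added Python example that is not the paper's own code. conjunction computes the mgu of two BS argument tuples and joins the two constraints under it; difference produces the pairwise disjoint pieces of Lemma 2.16 from the induced substitutions of $\pi_2$; and check_difference verifies, by enumeration over the assumed domain DOMAIN, that the pieces are disjoint and that their union is the set difference. The pieces are returned without re-normalizing their constraints, so a result may still contain subconstraints that the rewriting rules of Section 2.2 would simplify (e.g. $(z, a) \neq (v, v)$ in Example 2.13); the enumeration does not depend on normal form, so the check is unaffected. The second difference in the usage notes below goes beyond Example 2.17 in that the induced substitution introduces right-hand side variables into the literal.

```python
"""Conjunction (Definition 2.11) and disjoint difference (Lemma 2.16) of
constrained literals over a finite domain, with a brute-force check."""
from itertools import product

DOMAIN = ("a", "b", "c")        # assumption: the domain D_3 of Example 2.14


def is_var(term):
    return term not in DOMAIN


def apply(sigma, terms):
    """Apply a substitution {variable: term} to a tuple of terms."""
    return tuple(sigma.get(t, t) for t in terms)


def apply_constraint(sigma, pi):
    """pi sigma: by the disjointness assumptions of Section 2.2 a substitution
    only ever affects the left-hand sides of the subconstraints."""
    return [(apply(sigma, s), t) for s, t in pi]


def mgu(args1, args2):
    """Most general unifier of two BS argument tuples (terms are variables or
    constants, so no occurs check is needed); None if they do not unify."""
    if len(args1) != len(args2):
        return None
    sigma = {}
    for u, w in zip(args1, args2):
        u, w = sigma.get(u, u), sigma.get(w, w)
        if u == w:
            continue
        if not is_var(u):
            u, w = w, u                      # bind the variable side
        if not is_var(u):
            return None                      # two distinct constants clash
        sigma = {k: (w if v == u else v) for k, v in sigma.items()}
        sigma[u] = w
    return sigma


def conjunction(lit1, lit2):
    """(L1;pi1) ^ (L2;pi2) = (L1 sigma; pi1 sigma ^ pi2 sigma), sigma = mgu(L1, L2).
    None represents the empty constrained literal when L1, L2 do not unify."""
    (args1, pi1), (args2, pi2) = lit1, lit2
    sigma = mgu(args1, args2)
    if sigma is None:
        return None
    return apply(sigma, args1), apply_constraint(sigma, pi1) + apply_constraint(sigma, pi2)


def induced_substitutions(pi):
    """Definition 2.3: {s_i <- t_i} for each subconstraint of pi in normal form."""
    return [dict(zip(s, t)) for s, t in pi]


def difference(args, pi1, pi2):
    """Lemma 2.16: the pairwise disjoint pieces
    (L sigma_i; pi1 sigma_i ^ eta_1 sigma_i ^ ... ^ eta_{i-1} sigma_i), i = 1..l,
    whose union is gnd(L;pi1) - gnd(L;pi2). Constraints are not re-normalized."""
    pieces = []
    for i, sigma in enumerate(induced_substitutions(pi2)):
        pi = apply_constraint(sigma, pi1) + apply_constraint(sigma, pi2[:i])
        pieces.append((apply(sigma, args), pi))
    return pieces


def violated(values, t):
    """True iff the ground tuple `values` is an instance of the term tuple t."""
    binding = {}
    for c, term in zip(values, t):
        if not is_var(term):
            if term != c:
                return False
        elif binding.setdefault(term, c) != c:
            return False
    return True


def ground_instances(args, pi, domain=DOMAIN):
    """gnd(L;pi) by enumeration over the variables of L and of the left-hand
    sides of pi (free left-hand side variables are treated existentially)."""
    variables = tuple(dict.fromkeys([v for v in args if is_var(v)] +
                                    [v for s, _ in pi for v in s if is_var(v)]))
    covered = set()
    for values in product(domain, repeat=len(variables)):
        delta = dict(zip(variables, values))
        if all(not violated(apply(delta, s), t) for s, t in pi):
            covered.add(apply(delta, args))
    return covered


def check_difference(args, pi1, pi2, domain=DOMAIN):
    """Verify Lemma 2.16 on concrete input: the pieces are pairwise disjoint and
    their union is the set difference. Returns the sizes of the pieces."""
    sets = [ground_instances(a, pi, domain) for a, pi in difference(args, pi1, pi2)]
    union = set().union(*sets)
    assert sum(len(s) for s in sets) == len(union), "pieces overlap"
    assert union == ground_instances(args, pi1, domain) - ground_instances(args, pi2, domain)
    return [len(s) for s in sets]
```

For Example 2.17, check_difference(("x1", "x2", "x3"), [], [(("x1",), ("a",)), (("x2",), ("a",)), (("x3",), ("a",))]) returns the piece sizes [9, 6, 4], whose sum 19 is the 27 ground instances of $L(x_1, x_2, x_3)$ minus the 8 that avoid $a$ everywhere. For $\pi_2 = (x, y) \neq (v, v)$ the single induced substitution $\{x \leftarrow v, y \leftarrow v\}$ yields the one piece $(L(v, v); \top)$, i.e. the diagonal, and check_difference reports [3] over $\mathcal{D}_3$.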

Let $|\pi|$ denote the size of $\pi$. Then, this operation introduces $O(|I_2|)$ atoms with a maximal constraint size of $O(|\pi_1| + |\pi_2|)$ in general. This gives a total size of $O(2|\pi^*|^2)$ where $|\pi^*| = \max\{|\pi_1|, |\pi_2|\}$. Clearly, it is independent of the domain size.

Lemma 2.18 Finally, if $L_1 \neq L_2$, but $\mathrm{mgu}(L_1, L_2) = \delta$ exists (otherwise the difference is $(L_1; \pi_1)$), and $u$ denotes the argument tuple of the top symbol in $L_1$, we get the desired set by adding

$$(L_1;\ \pi_1 \wedge u \neq u\delta\rho)$$

to the set $(L_1\delta; \pi_1\delta) - (L_2\delta; \pi_2\delta)$, where the variable renaming $\rho$ introduces fresh variables for the variables in $u\delta$.

Proof: The literals in $\mathrm{gnd}(L_1; \pi_1)$ can be divided into two disjoint groups based on whether they are instances of $L_2$ or not.

Those that are not instances of $L_2$ are covered by the proposed constrained literal $(L_1;\ \pi_1 \wedge u \neq u\delta\rho)$. Clearly, each such literal is in the difference.

The common instances are covered by $(L_1\delta; \pi_1\delta)$. From these literals we have to remove those which are covered by $(L_2; \pi_2)$ as well. Clearly, it is enough to compute the difference $(L_1\delta; \pi_1\delta) - (L_2\delta; \pi_2\delta)$.

The resulting set together with $(L_1;\ \pi_1 \wedge u \neq u\delta\rho)$ covers exactly the elements of the difference. Qed.

It is easy to see that the proofs above hold even if some of the constraints are the constants $\top$ or $\bot$, and our definition of induced substitutions in the case of constants supports the proofs.

The disadvantage of the second method is the fragmentation of the constrained literal, especially since every time we derive a new assignment we have to subtract each unifiable, already defined literal.

Remark 2.19 Whenever we compute a difference and get a set of literals as a result, we carry on working with the literals separately.

We could extend our constraint language to handle a set of constrained literals as a single expression. In the literature the corresponding constraints are called disjunctive implicit generalizations, see e.g. [...] for details.

Checking Emptiness

The last operation is deciding whether a constrained literal is empty. As we mentioned before, this is equivalent to the unsatisfiability of the corresponding constraint.

This is in general a co-NP-complete problem [...]. Lassez and Marriott propose an algorithm for computing an explicit representation in [24], which can be used for determining emptiness as well. Their algorithm is based on generating disjoint partitions of instances by instantiating a single variable with every possible function symbol at every step.

We note that the operation is indeed complex, but so is checking subsumption and subsumption resolution in first-order theorem provers, and even iProver calls CDCL iteratively. Yet, these techniques are efficient in practice, which we consider an indication that an efficient implementation of NRCL is possible.

We propose here an enumeration-based algorithm. Assume $\mathcal{D} = \{a_0, \ldots, a_n\}$ is ordered by $>$, and $a_n > a_{n-1} > \cdots > a_0$. For a constrained literal $(L; \pi)$ with left-hand side variables $x_1, \ldots, x_k$, we find a solution $(c_1, c_2, \ldots, c_k)$ denoting $\{x_j \leftarrow c_j \mid j = 1, \ldots, k\}$ by enumerating the possible assignments starting with $(a_0, a_0, \ldots, a_0)$.

If for an intermediate assignment $(c_1, c_2, \ldots, c_k)$ the subconstraint $x \neq t \in \pi$ is false, then we increase the value of the right-most position involved in $x$. If it is already $a_n$, we reset it to $a_0$ and increase the next involved variable to the left.

If no further increase is possible, there is no solution. If we get a solution for $x \neq t$, we pick the left-most involved variable which we changed, and reset all variables not occurring in $x$ to $a_0$.

By repeating the above steps, we either get a solution satisfying $\pi$, or attempt to increase beyond $(a_n, a_n, \ldots, a_n)$, proving the unsatisfiability of the constraint.

Besides simplicity, this algorithm also has the advantage that the solution might be reusable in operations. We only need to make sure that the solutions for the operands are comparable in the sense that they denote the minimal solutions of the respective constraints w.r.t. the same ordering over the possible assignments.

This can be ensured by ordering the variables based on their left-most occurrence. This way, the solutions of any two non-empty constrained literals with the same predicate symbol are comparable by taking the arguments of the ground literals representing the solutions.

Then, it is enough to consider substitution and adding new subconstraints as primitive operations. Both meet (conjunction) and difference build upon these steps.

When applying a substitution $\sigma$, we check if the current solution satisfies the positive equality constraints induced by $\sigma$. If yes, then we apply the substitution and keep this solution.

Otherwise, we keep enumerating, always checking the positive conditions first. If we find an assignment satisfying both $\pi$ and $\sigma$, we apply $\sigma$ and save the new solution. If no solution can be found, the new constrained literal is empty.

When extending $\pi$ with a new subconstraint $x \neq t$, we simply continue the enumeration with the current solution and the extended constraint $\pi \wedge x \neq t$.
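The enumeration-based emptiness check above, as an added Python example that is not from the paper. find_solution walks the assignments of the left-hand side variables in lexicographic order over the assumed domain DOMAIN ($a_0 < a_1 < a_2$) and, whenever a subconstraint $x \neq t$ fails, skips every later assignment that agrees with the current one up to the right-most variable of $x$. This version carries into whichever variable is next to the left, involved in $x$ or not, which keeps the enumeration strictly lexicographic and guarantees that the solution found is the minimal one; that carry rule is a design choice of this example, not a claim about the paper's procedure. The optional start argument resumes an enumeration from a previously found solution, which is how a subconstraint is added to an already solved constraint in the last step described above: every assignment below the old solution already violated $\pi$, so it also violates $\pi \wedge x \neq t$.

```python
"""Enumeration-based emptiness check for a dismatching constraint in normal form."""

DOMAIN = ("a", "b", "c")     # assumption: a_0 < a_1 < a_2 in enumeration order


def is_var(term):
    return term not in DOMAIN


def violated(values, t):
    """True iff the ground tuple `values` is an instance of t, i.e. the
    subconstraint s != t is false under the current assignment."""
    binding = {}
    for c, term in zip(values, t):
        if not is_var(term):
            if term != c:
                return False
        elif binding.setdefault(term, c) != c:
            return False
    return True


def find_solution(pi, variables, domain=DOMAIN, start=None):
    """Smallest solution of pi over `variables` in lexicographic order, as a
    dict, together with the number of candidates examined; (None, count) if pi
    is unsatisfiable. `start` (a dict) resumes the enumeration at a previously
    found solution, e.g. after a new subconstraint has been added to pi.

    When subconstraint x != t fails, every assignment agreeing with the current
    one up to the right-most variable of x fails too, so that prefix is
    incremented as a counter (carrying into the next variable to the left,
    involved or not) and every position to its right is reset to a_0."""
    n = len(domain)
    pos = {x: i for i, x in enumerate(variables)}
    idx = [domain.index(start[x]) if start else 0 for x in variables]
    count = 0
    while True:
        count += 1
        assignment = {x: domain[idx[i]] for x, i in pos.items()}
        failed = next((s for s, t in pi
                       if violated(tuple(assignment[x] for x in s), t)), None)
        if failed is None:
            return assignment, count
        j = max(pos[x] for x in failed)           # right-most involved position
        idx[j + 1:] = [0] * (len(idx) - j - 1)    # reset everything to its right
        while j >= 0 and idx[j] == n - 1:         # carry
            idx[j] = 0
            j -= 1
        if j < 0:
            return None, count                    # went past (a_n, ..., a_n)
        idx[j] += 1


def is_empty(pi, variables, domain=DOMAIN):
    """A constrained literal (L;pi) is empty iff pi has no solution."""
    return find_solution(pi, variables, domain)[0] is None


if __name__ == "__main__":
    # Example 2.13: z != a ^ z != b is unsatisfiable over {a,b}, z = c over {a,b,c}
    pi = [(("z",), ("a",)), (("z",), ("b",))]
    print(find_solution(pi, ("z",), ("a", "b")))   # (None, 2)
    print(find_solution(pi, ("z",)))               # ({'z': 'c'}, 3)
```

On the constraint of Example 2.14, $x_1 \neq a \wedge x_2 \neq a \wedge x_3 \neq a$ over $\{a, b\}$, the skipping reaches the solution $(b, b, b)$ after 4 candidates instead of the 8 a plain product enumeration would visit, since each failed subconstraint fixes one more position.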

2.4 Model Representation

Model Candidate

Over the course of this paper, we represent a model candidate, also called a model assumption, as a set $\Gamma$ of constrained literals.

Definition 2.20 A set of constrained literals $\Gamma$ is called consistent if there is no ground atom covered by both a positive and a negative literal from $\Gamma$.

$\Gamma$ is strongly consistent if its elements are pairwise disjoint w.r.t. covering atoms, i.e. for all different $(L; \pi), (L'; \pi') \in \Gamma$, $\mathrm{gnd}(|L|; \pi) \cap \mathrm{gnd}(|L'|; \pi') = \emptyset$.

We consider only strongly consistent sets in this paper.

Definition 2.21 (Induced Interpretation) The set of positive constrained literals in $\Gamma$ is denoted by $\Gamma^+$. Then the first-order interpretation $I_\Gamma$ induced by $\Gamma$ is given as

$$I_\Gamma = \bigcup_{(L; \pi) \in \Gamma^+} \mathrm{gnd}(L; \pi)$$

This interpretation serves as a minimal model defined by the positive literals, and it is used in the rule Success and the relevant proofs.

Trail

NRCL attempts to lift classic CDCL, and as such, it uses a sequence of literals to store the current partial model assumption.

This trail in our case is a sequence of annotated constrained literals. We retain the notation $\Gamma$, and extend all our definitions and operations for sets of constrained literals to trails as well. We call the elements of $\Gamma$ assignments, as they define truth-values of ground atoms.

Literals in $\Gamma$ are either decision or deduced literals. Decisions are annotated with a unique positive integer, with $(L; \pi)^i$ representing the $i$-th decision in $\Gamma$. Deduced literals are annotated with their reasons, a first-order clause from the current clause set. In the course of the paper, $\alpha$ is used to denote an arbitrary annotation, $C$ to denote a reason clause, and $k, l, i$ to denote integers.

We define the value of a ground literal or ground clause as true, false, or undefined under $\Gamma$, lifting the notions of CDCL. In particular, a ground literal $L'$ is defined by a constrained literal $(L; \pi) \in \Gamma$ iff $|L'| \in \mathrm{gnd}(|L|; \pi)$. If such an $(L; \pi)$ exists, we also say that $\Gamma$ defines $L'$. Then, the value of the defined ground literal $L'$ is true iff $L'$ and $L$ have the same polarity.

Non-ground literals are treated as unit clauses, and the set of ground clauses represented by the constrained clause $(C; \pi)$ is true or false in $\Gamma$ if all of the covered ground instances are true, or false, respectively. The notion of being defined by $\Gamma$ extends to constrained clauses similarly, i.e. $(C; \pi)$ is defined w.r.t. $\Gamma$ iff for each $C' \in \mathrm{gnd}(C; \pi)$, at least one $L' \in C'$ is defined under $\Gamma$. We note that the definition of a false constrained clause is non-standard, and it is formulated this way to conveniently define later the invariants and the rule Conflict.

The level $\mathrm{lvl}(L)$ of a ground literal $L$ w.r.t. the trail $\Gamma$ is defined as in CDCL: the annotation of a decision in $\Gamma$ is the level of this decision literal. Then, the level $\mathrm{lvl}(L)$ of a defined ground literal $L$ w.r.t. $\Gamma$ is the level of the last decision in $\Gamma$ before the constrained literal defining $L$, and zero if no such decision exists.

If $k$ is the level of a literal, we might also say the literal is of level $k$. We call the largest level occurring in a trail the top-level, and also the level of the trail. If no decision occurs in the trail, it is considered $0$.

Following the terminology of SAT solvers, we call a ground clause assertive iff it is false w.r.t. the current trail and contains exactly one top-level literal.

Finally, we say a first-order clause $C$ or a constrained clause $(C\sigma; \pi)$ is assertive iff $\mathrm{gnd}(C)$, respectively $\mathrm{gnd}(C\sigma; \pi)$, contains at least one assertive ground clause.

Induced Abstraction

Using $\Gamma$ to define truth-values for groups of ground atoms represented by constrained literals can also be seen as providing a propositional abstraction and an abstract partial interpretation.

In this context, our calculus can be seen as a fine-grained abstraction-refinement algorithm, which interleaves refinement and abstract model search, and lets the clauses and decision heuristics guide the implicit abstraction and refinement steps.

Below, we provide the related definitions and use these later to define our induced ordering. Beyond this, we do not take any advantage of this connection. Further investigation in this direction and utilizing existing results for abstraction-refinement-based procedures is left for future work.

We call a set of positive constrained literals $\Phi$ an abstraction. An abstraction $\Phi$ provides a (partial) partitioning of $A_\Sigma$, and by identifying its elements with propositional atoms, we can assign a propositional abstraction to our clause set $N$.

These propositional atoms are called abstract atoms. The notions abstract literal and abstract clause are the corresponding syntactic expressions built from abstract atoms. We use the abstraction function $\mathrm{def}_\Phi$, or simply $\mathrm{def}$, to assign the set of abstract expressions to literals or clauses w.r.t. an abstraction $\Phi$.

Then an abstract interpretation over an abstraction $\Phi$ is a propositional interpretation over the corresponding abstract atoms.

If the totality of $\mathrm{def}_\Phi$ is needed, we identify uncovered ground atoms with the unique abstract atom $\bot$, and the domain of the interpretation is extended accordingly.

The abstraction $\Phi_\Gamma$ induced by $\Gamma$ is defined as

$$\Phi_\Gamma = |\Gamma| = \{(|L|; \pi) \mid (L; \pi) \in \Gamma\}$$

If $\Gamma$ is strongly consistent, $\Phi_\Gamma$ is always consistent, i.e. any ground atom is covered by at most one element of $\Phi_\Gamma$.

$\Gamma$ can be seen as defining an abstract interpretation over $\Phi_\Gamma$, assigning truth-values to abstract atoms based on the polarity of the corresponding constrained literals in $\Gamma$, and undef to the abstract atom $\bot$.

2.5 Induced Ordering 

In the following, let $<$ denote a given well-founded total ordering over ground expressions - atoms, literals and clauses. Furthermore, let $\Gamma$ denote a strongly consistent trail. 

Definition 2.22 The abstraction function $\mathrm{def}$ defined by $\Gamma$ is given as 

$$\mathrm{def}(P) = \begin{cases} (L;\pi) & \text{if } (L;\pi) \in \Gamma \text{ and } (L;\pi) \text{ defines } P \\ \top & \text{if no such } (L;\pi) \in \Gamma \text{ exists} \end{cases}$$ 

for each $P \in \mathcal{A}_\Sigma$. 

Then, $\mathrm{def}$ can be extended to ground literals and clauses by assigning the corresponding negated abstract atom to a negative literal, and the disjunction of the corresponding abstract literals to a clause, respectively. 

Definition 2.23 The precedence ordering $<_\Phi$ ($\leq_\Phi$) defined by $\Gamma$ is the ordering over the constrained literals in $\Gamma$ defined by their position in $\Gamma$, i.e. 

$$(L_1;\pi_1) <_\Phi (L_2;\pi_2) \quad \text{iff} \quad \Gamma = \Gamma_1, (L_1;\pi_1)^{\alpha_1}, \Gamma_2, (L_2;\pi_2)^{\alpha_2}, \Gamma_3$$ 

for some $\Gamma_1, \Gamma_2, \Gamma_3$ and annotations $\alpha_1, \alpha_2$. 

We extend the ordering to $\Gamma \cup \{\top\}$ with $\top$ as maximal element. Finally, this ordering is extended to abstract literals and clauses as usual. 

Definition 2.24 The ordering $<_\Gamma$ induced by $\Gamma$ is defined over $\mathcal{A}_\Sigma$ and given as follows: $P <_\Gamma Q$ iff either 

1. $\mathrm{def}(P) <_\Phi \mathrm{def}(Q)$, or 

2. $\mathrm{def}(P) = \mathrm{def}(Q)$ and $P < Q$ 

The ordering is extended to ground literals in the usual way, resulting in the literal ordering $<^*_\Gamma$. 

Finally, we extend it to ground clauses: $C <_\Gamma C'$ iff either 

1. $\mathrm{def}(C) <_\Phi \mathrm{def}(C')$, or 

2. $\mathrm{def}(C) = \mathrm{def}(C')$ and $C \ (<^*_\Gamma)_{mul}\ C'$ 

where $(<^*_\Gamma)_{mul}$ denotes the multiset extension of the literal ordering. 

$<_\Gamma$ extends the atom and literal orderings, and we call it the ordering induced by $\Gamma$. 

Proposition 2.25 $<_\Gamma$ is well-defined, total on ground clauses, and a well-founded ordering. 

Proof: It is easy to see that both $<_\Phi$ and $(<^*_\Gamma)_{mul}$ are well-founded and total orderings over ground clauses. Since $<_\Gamma$ is the lexicographical combination of these orderings, $<_\Gamma$ inherits these properties. Qed. 
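The induced ordering of Definitions 2.22 to 2.24, as an added example that is not part of the paper: it is specialised to a constructed ground trail whose constrained literals are single ground atoms with trivial constraints, so $\mathrm{def}(P)$ is simply the trail position of $P$ and an uncovered atom maps to the maximal abstract atom (written TOP in the code). The base ordering $<$ is taken to be alphabetical on atom names, the literal extension makes the negative literal the larger of a pair, and the multiset extension compares descending-sorted literal keys lexicographically; all of these concrete choices are assumptions of the example.

```python
from typing import Dict, Iterable, List, Tuple

# Added example (not from the paper): the induced ordering of Definition 2.24
# on a constructed ground trail. Constrained literals are specialised to single
# ground atoms with trivial constraints, so def(P) is the trail position of P
# and an uncovered atom maps to the maximal abstract atom, written TOP here.
Lit = Tuple[str, bool]            # (ground atom, polarity); (atom, False) is the negation
TOP = float("inf")                # precedence value of the abstract atom "top"


def abstraction(trail: List[Lit]) -> Dict[str, int]:
    """def restricted to covered atoms: atom -> position in the trail (Definition 2.22)."""
    return {atom: pos for pos, (atom, _) in enumerate(trail)}


def atom_key(atom: str, prec: Dict[str, int]):
    # Definition 2.24: def(P) under the precedence first (later on the trail is
    # larger), then the fixed base ordering, here alphabetical on atom names
    return (prec.get(atom, TOP), atom)


def literal_key(lit: Lit, prec: Dict[str, int]):
    # usual extension to literals: the negative literal is the larger of the pair
    atom, positive = lit
    return (atom_key(atom, prec), 0 if positive else 1)


def clause_key(clause: Iterable[Lit], prec: Dict[str, int]):
    # multiset extension of a total ordering: compare the descending-sorted literal
    # keys lexicographically; a proper prefix is the smaller multiset
    return tuple(sorted((literal_key(l, prec) for l in clause), reverse=True))


def clause_less(c1: Iterable[Lit], c2: Iterable[Lit], trail: List[Lit]) -> bool:
    """c1 <_Gamma c2 for ground clauses under the trail Gamma."""
    prec = abstraction(trail)
    return clause_key(c1, prec) < clause_key(c2, prec)


def is_defined(clause: Iterable[Lit], trail: List[Lit]) -> bool:
    # a ground clause has a defined truth-value iff none of its atoms maps to top
    prec = abstraction(trail)
    return all(atom in prec for atom, _ in clause)


def dominated(s1: Iterable[Iterable[Lit]], s2: Iterable[Iterable[Lit]], trail: List[Lit]) -> bool:
    """Hypothesis of Proposition 2.26: every clause of s1 lies below some clause of s2,
    which is sufficient for s1 < s2 in the multiset extension of <_Gamma."""
    s2 = list(s2)
    return all(any(clause_less(c, d, trail) for d in s2) for c in s1)


# Constructed data: two trails over the same atoms in different order, and the
# clauses C1 = ~P(a) v Q(a,b), C2 = ~P(a) v ~R(b), C3 = P(c) (P(c) is uncovered).
TRAIL_1: List[Lit] = [("Q(a,b)", False), ("P(a)", True), ("R(b)", True)]
TRAIL_2: List[Lit] = [("R(b)", True), ("P(a)", True), ("Q(a,b)", False)]
C1 = [("P(a)", False), ("Q(a,b)", True)]
C2 = [("P(a)", False), ("R(b)", False)]
C3 = [("P(c)", True)]


def demo() -> Tuple[bool, bool, bool]:
    """Returns (C1 <_Gamma C2 under TRAIL_1, C2 <_Gamma C1 under TRAIL_2, C3 defined under TRAIL_1)."""
    return (clause_less(C1, C2, TRAIL_1), clause_less(C2, C1, TRAIL_2), is_defined(C3, TRAIL_1))


if __name__ == "__main__":
    print(demo())   # the ordering follows the trail: (True, True, False)
```

The two trails show the dynamic nature the text refers to: swapping the positions of $Q(a,b)$ and $R(b)$ on the trail reverses the order of $C_1$ and $C_2$, while the uncovered clause $C_3$ stays above every defined clause under both trails.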

This dynamic ordering captures the local correlation between the atoms and literals in the search, and shifts the focus on the recent behavior of the calculus. Finally, we introduce an easily provable proposition, which is used in the proofs later on. 

Proposition 2.26 Let $<$ be an arbitrary well-founded and total ordering over ground clauses, $S$ and $S'$ finite sets of ground clauses, and assume there is a function $\gamma : S' \to S$ such that for each $C \in S'$, $C < \gamma(C)$. 

Then $S' < S$ holds w.r.t. the multiset extension of $<$. 

3 Calculus 

The calculus NRCL attempts to find a model through a series of both arbitrary and deduced assignments. Analogous to propositional SAT solvers, we apply propagation to find literals implied by existing assignments, and once it is exhausted, we add arbitrary literals, so-called decisions, to the trail. 

We call this phase conflict search and it ends with either a model of the original clause set, or with finding a clause $C$ with some instances given in the form $(C;\sigma;\pi)$ falsified by the current trail. In the latter case, we start conflict resolution and, through resolving the current false clause with reason clauses from the trail, we learn a new assertive clause and backtrack to a state where this clause is not yet falsified by removing some of the most recent assignments from the trail. 

As opposed to propositional SAT solving, where every clause can be considered already exhaustively factorized, in our case some ground instances might still be subject to factorization, and this requires further rules. 

The rule Factorize handles this during clause learning. However, the calculus might still reach a state where the right-most literal on the trail is the last decision, the learnable clause is not assertive, but no factorization is possible. When such a state is reached, we simply learn the current candidate for clause learning. To avoid this situation again, we further demand that a new decision should not falsify any clause instance immediately, unless Factorize is applicable. 

We call a clause blocking a new decision if adding the decision to the trail would falsify an instance of the clause without allowing Factorize to handle the immediate conflict; see the precise definition below. We note that a clause learned in the above fashion blocks the last decision. 
Definition 3.1 We say that a decision $(L;\pi)$ is blocked in $\Gamma$ by a clause $C$, if $C$ has a ground instance $C\sigma$ with $L_1, L_2 \in C\sigma$ such that for $\Gamma' = \Gamma, (L;\pi)$ 

• $C\sigma$ is false under $\Gamma'$ 

• $(L;\pi)$ is undefined in $\Gamma$ 

• $L_1$ and $L_2$ become false by the decision, i.e. $\neg L_1, \neg L_2 \in \mathrm{gnd}(L;\pi)$ 

• $L_1 \neq L_2$ 

If no such $C$ exists, we say that the decision is not blocked in $\Gamma$. 

Example 3.2 Consider $\mathcal{D} = \{a,b,c\}$, $\Gamma = (\neg Q(x,y);\top)$, and 

$$N = \{C : \neg P(x) \lor \neg P(y) \lor Q(x,y), \ldots\}$$ 

Then the decisions $(P(x);\top)$, $(P(x); x \neq c)$ are both blocked in $\Gamma$ by $C$, as witnessed by the ground instance $\neg P(a) \lor \neg P(b) \lor Q(a,b)$. 

We give our calculus as a set of rules over so-called states, tuples of the form 

$$(\Gamma; N; U; k; s)$$ 

where $\Gamma$ denotes the trail, $N$ the given clause set, $U$ the set of learned clauses, $k$ a non-negative integer - unless terminating with Success - and $s$ a state indicator. The latter can be $\top$, $\bot$, or a set of clause instances $\mathrm{gnd}(C\sigma;\pi)$ given as $(C;\sigma;\pi)$. 

$\top$ indicates the conflict search phase, if $k \geq 0$, or that $\Gamma$ defines a model for $N$, if $k = -1$. $\bot$ means the empty clause has been learned, i.e. the unsatisfiability of $N$ has been established. Finally, an indicator of the form $(C;\sigma;\pi)$ represents a set of clause instances falsified by the current trail $\Gamma$, and indicates the conflict resolution phase of our calculus. 

Our results extend to any derivation starting from a sound state (see Definition 4.1). Here we propose the initial state 

$$(\epsilon; N; \emptyset; 0; \top)$$ 

where $\epsilon$ stands for the empty trail, and $N$ is the set of input clauses. 

Next, we address a technical question regarding deduced literals and conflict resolution. It is often the case that for a clause $(C \lor L) \in N$ with $C\sigma$ implying $(L\sigma;\pi)$ for some $\sigma, \pi$ w.r.t. the current trail $\Gamma$, the involved substitution $\sigma$ substitutes variables not occurring in $L$. See Example 3.3 for a demonstration of this behavior. 

Should we save only $(L\sigma;\pi)$ to the trail, we would lose this part of the assignment. However, during conflict resolution we need the exact clause instances responsible for the assignment. Therefore, to avoid recomputing the relevant substitutions, we save the constrained closure $(L \cdot \sigma; \pi)$, where $L \cdot \sigma$ is the closure representing $L\sigma$. 

This is an extension of the existing notation for the sake of clause learning. For all other purposes, $L \cdot \sigma$ is identified with $L\sigma$, and all definitions over constrained literals can be extended to constrained closures accordingly. The literal $L$ is also considered to be a short-hand for $L \cdot \emptyset$. We also note that in our calculus decisions are always considered to have empty closures. 

Finally, a short remark on the usage of the operations over constrained expressions: Conjunction is used whenever we try to unify two constrained literals, e.g. during learning a new clause via resolution, or finding candidates for propagation. Difference is needed when we remove already defined literals, ensuring that a new assignment only defines new values. Emptiness is tested overall in the calculus to ensure that a new assignment indeed defines the value of at least one ground atom. 

Below, we provide the rules of our calculus in a generic style as a state transition system, similarly to [m]. We note that in the rules $\pi_1, \pi_2$ is often used as a short-hand for $\pi_1 \land \pi_2$, if it is unambiguous. Furthermore, blocking is considered only w.r.t. the current clause set $N \cup U$ in the rest of the paper. For further details on the applied strategy and technicalities, see Section 5 and Section 8. 

3.1 Rules for Conflict Search 

Propagate 

$$(\Gamma; N; U; k; \top) \Rightarrow (\Gamma, (L \cdot \sigma; \pi)^{C \lor L}; N; U; k; \top)$$ 

if $k \geq 0$, and for $(C \lor L) \in (N \cup U)$, $\sigma$, and $\pi$ 

• $(C\sigma;\pi)$ is false under $\Gamma$ 

• $(L\sigma;\pi)$ is undefined in $\Gamma$ 

• $(L\sigma;\pi)$ is not empty 

This rule deduces new literals which have to be true under the current model assumption. The conditions ensure that this step is sound and effective, i.e. each ground literal defined by the added literal is indeed a consequence and at least one such literal exists. 

Example 3.3 Let $a, b \in \mathcal{D}$, $N$ and $U$ arbitrary, $C_1, C_2 \in N$, and the current state 

$$(\Gamma; N; U; 1; \top)$$ 

where 

$$\Gamma = (P(x,x);\top)^{C_1}, (Q(a,x);\top)^{C_2}, (\neg P(x,y); (x,y) \neq (u,u))^{1}$$ 

Then, if $C = P(y,b) \lor \neg Q(x,y) \lor R(y)$ is a clause from $N$, Propagate can be applied for $C$, and we might get the state 

$$(\Gamma, (R(y) \cdot \{x \leftarrow a\}; y \neq b)^{C}; N; U; 1; \top)$$ 

Decide 

$$(\Gamma; N; U; k; \top) \Rightarrow (\Gamma, (L;\pi)^{k+1}; N; U; k+1; \top)$$ 

if $k \geq 0$, and for $L$, $\pi$ 

• $(L;\pi)$ is undefined in $\Gamma$ 

• $(L;\pi)$ is not blocked in $\Gamma$ 

• $(L;\pi)$ is not empty 

• $\exists (C' \lor L') \in N$ such that $|L| \geq |L'|$, i.e. $\exists \delta.\ L = L'\delta$ or $L = \neg L'\delta$ 

Decide adds an assumption to $\Gamma$ which is not blocked by any of the clauses, and which is effective. 

We note that the last condition is optional; it does not influence any of our results. This restriction allows earlier termination with Success and keeps the calculus from defining irrelevant ground atoms. After terminating with Success, every undefined ground atom can be considered to have an arbitrary truth-value, or simply false, the way it is defined in $I_\Gamma$. 

We also note that blocking only identifies one kind of immediate conflict; we might still get to an outright conflict if it can be handled with factorization, see Example 3.4 below, and Lemma 5.5 for details. 

Example 3.4 Let $\mathcal{D} = \{a,b,c\}$, $\Gamma = (P(x,x);\top)^{P(x,x)}, (Q(x,a);\top)^{Q(x,a)}$, and 

$$N = \{P(x,x),\ Q(x,a),\ \neg Q(x,y) \lor P(x,y) \lor P(x,y)\}$$ 

Then, the decision $(\neg P(x,y); (x,y) \neq (v,v))$ is not blocked, yet 

$$(\neg Q(x,y) \lor P(x,y) \lor P(x,y); \{y \leftarrow a\}; x \neq a)$$ 

is false w.r.t. $\Gamma, (\neg P(x,y); (x,y) \neq (v,v))^{1}$. We note that conflict resolution learns the clause $\neg Q(x,y) \lor P(x,y)$ from this conflict. 

We also note that whenever a decision is blocked, we can always pick a stricter unblocked decision, as shown below. 

Proposition 3.5 For every blocked decision $(L;\pi)$ and blocking clause $C$, there is a decision $(L\sigma; \pi\sigma, \pi')$ for some $\sigma, \pi'$ such that it is not blocked by $C$ and it is not empty. 

Proof: It is easy to see that any ground literal from $\mathrm{gnd}(L;\pi)$ satisfies this condition. Qed. 

Conflict 

$$(\Gamma; N; U; k; \top) \Rightarrow (\Gamma; N; U; k; (C;\sigma;\pi))$$ 

if $k \geq 0$, and for some $\bot \neq C \in (N \cup U)$, $\sigma$, and $\pi$ 

• $(C\sigma;\pi)$ is false under $\Gamma$ 

• $(C\sigma;\pi)$ is not empty 

Conflict identifies a set of clause instances contradicting the current model assumption. We also refer to this set as the conflict-set. 

Example 3.6 Let $\mathcal{D} = \{a,b,c\}$, and 

$$N = \{\ C_1 : \neg P(c),\ C_2 : \neg P(x) \lor \neg P(y) \lor Q(x,y),\ C_3 : \neg P(y) \lor \neg Q(a,y),\ C_4 : \neg Q(x,b) \lor \neg P(x)\ \}$$ 

$$\Gamma = (\neg P(c);\top)^{C_1}, (P(x); x \neq c)^{1}, (\neg Q(a,y); y \neq c)^{C_3}$$ 

Then the following is a valid step: 

$$(\Gamma; N; \emptyset; 1; \top) \Rightarrow_{\mathrm{Conflict}} (\Gamma; N; \emptyset; 1; (\neg P(x) \lor \neg P(y) \lor Q(x,y); \{x \leftarrow a\}; y \neq c))$$ 
Success 

$$(\Gamma; N; U; k; \top) \Rightarrow (\Gamma; N; U; -1; \top)$$ 

if $k \geq 0$, and $I_\Gamma \models N$. 

We note that the last condition, $I_\Gamma \models N$, can be replaced by demanding that the rules Propagate, Decide and Conflict are exhausted and $\bot \notin (N \cup U)$. 

From this it follows that each ground atom is defined and there is no falsified instance, i.e. every ground clause $C \in \mathrm{gnd}(N \cup U)$ is true w.r.t. the current trail. 

Failure 

$$(\Gamma; N; U; k; \top) \Rightarrow (\Gamma; N; U; 0; \bot)$$ 

if $\bot \in (N \cup U)$. 

The two terminal rules correspond to the satisfiability and unsatisfiability of the clause set, respectively. Unsatisfiability is detected through learning the empty clause $\bot$. 

3.2 Rules for Conflict Resolution 

Skip 

$$(\Gamma, (L' \cdot \sigma'; \pi')^{\alpha}; N; U; k; (C;\sigma;\pi)) \Rightarrow (\Gamma; N; U; k; (C;\sigma;\pi))$$ 

if there is no $L \in C$ such that 

• $\exists \eta = \mathrm{mgu}(L'\sigma', \neg L\sigma)$, and 

• $(C\sigma\eta; \pi\eta, \pi'\eta)$ is not empty 

Skip drops the right-most literal from the trail during conflict resolution if it is not a decision and it does not contribute to the conflict, i.e. it does not touch any instance of the conflict-set. 

Resolve 

$$(\Gamma, (L' \cdot \sigma'; \pi')^{C' \lor L'}; N; U; k; (C \lor L; \sigma; \pi)) \Rightarrow (\Gamma, (L' \cdot \sigma'; \pi')^{C' \lor L'}; N; U; k; ((C \lor C')\eta_0; \sigma^*; \pi\eta, \pi'\eta))$$ 

if for $L'$, $\sigma'$, $\pi'$ and $C' \lor L'$, and 

• $((C \lor L)\sigma;\pi)$ is not assertive, or $k = 0$ 

• $\exists \eta = \mathrm{mgu}(L'\sigma', \neg L\sigma)$, and let 

 - $\eta_0 = \mathrm{mgu}(L', \neg L)$ 

 - $\sigma^*$ such that $\sigma\sigma'\eta = \eta_0\sigma^*$ 

• $((C \lor L)\sigma\eta; \pi\eta, \pi'\eta)$ is not empty 

We note that keeping $\sigma^*|_{\mathrm{var}((C \lor C')\eta_0)}$ instead of $\sigma^*$ is enough for the soundness of the rule and our calculus, as it contains all the relevant information. Furthermore, the existence of $\eta$ implies the existence of $\eta_0$ and $\sigma^*$. 

If the right-most literal in $\Gamma$ is not a decision and is involved in the conflict-set, we proceed with resolution. The conditions imply that there are corresponding ground inferences and the new conflict-set is not empty. 

Note that dropping the used literal is not desired, as the new conflict might still be resolvable with it. 

Factorize 

$$(\Gamma, \ell; N; U; k; (C \lor L_1 \lor L_2; \sigma; \pi)) \Rightarrow (\Gamma, \ell; N; U; k; ((C \lor L_1)\eta_0; \sigma^*; \pi\eta))$$ 

if $\ell = (L' \cdot \sigma'; \pi')^{\alpha}$ for some $L'$, $\sigma'$, $\pi'$, and annotation $\alpha$, and 

• $\exists \eta = \mathrm{mgu}\{L_1\sigma, L_2\sigma, L'\sigma'\}$, and let 

 - $\eta_0 = \mathrm{mgu}(L_1, L_2)$ 

 - $\sigma^*$ such that $\sigma\eta = \eta_0\sigma^*$ 

• $((C \lor L_1)\sigma\eta; \pi\eta, \pi'\eta)$ is not empty 

Again, the existence of $\eta$ implies the existence of $\eta_0$ and the appropriate $\sigma^*$, and keeping $\sigma^*|_{\mathrm{var}((C \lor L_1)\eta_0)}$ is sufficient. We also note that $\alpha$ can be both a reason clause and a decision level. 

Factorize factorizes some of the conflicting ground clauses. As in the case of Resolve, the used literal should not be dropped from the trail. 

Backjump 

$$(\Gamma_1, \Gamma_2; N; U; k; (C;\sigma;\pi)) \Rightarrow (\Gamma_1; N; U \cup \{C\}; k'; \top)$$ 

if $0 \leq k' \leq k$, $k' = \mathrm{lvl}(\Gamma_1)$, and one of the following condition-sets holds: 

(1) $k = 0$, and $C = \bot$, or 

(2) $k > 0$, $(C\sigma;\pi)$ is assertive, and $C$ has no false instance under $\Gamma_1$, or 

(3) $k > 0$, the right-most element of $\Gamma_2$ is the top-level decision, $(C\sigma;\pi)$ is not assertive, Factorize cannot be applied, and $C$ has no false instance under $\Gamma_1$ 

It is clear that $k' = 0$ in case (1), and $k' < k$ in cases (2) and (3). 

The optimal choice for $k'$ is the smallest level for which the learned clause can be used in Propagate. Such a $k'$ might not always exist for the learned clause $C$, largely due to the instances of $C$ not covered by $(C\sigma;\pi)$. In these cases the optimal choice for $k'$ is the largest level for which $C$ has no false instance. For more details see Section 8. 

In case (1), we say that the empty clause $\bot$ is learned. In case (2), we say a new assertive clause is learned, and in case (3) a new blocking clause is learned. 

The latter clause is indeed blocking the last decision under some regularity conditions, see Lemma 5.4 for details. We note that case (3) can indeed occur, as the following example demonstrates: 

Example 3.7 (Learning a blocking clause) 

Consider the clause set 

$$N = \{C_1 : R(x,x),\ C_2 : P(x) \lor \neg Q(x,y),\ C_3 : R(x,y) \lor Q(x,y) \lor P(x) \lor P(y)\}$$ 

and let $\Gamma = \Gamma', (\neg Q(x,y);\top)^{C_2}$ with 

$$\Gamma' = (R(x,x);\top)^{C_1}, (\neg R(x,y); (x,y) \neq (u,u))^{1}, (\neg P(x);\top)^{2}$$ 

Then the following is a valid conflict resolution: 

$$(\Gamma; N; \emptyset; 2; (R(x,y) \lor Q(x,y) \lor P(x) \lor P(y); \emptyset; (x,y) \neq (v,v)))$$ 

$$\Rightarrow_{\mathrm{Resolve}} (\Gamma; N; \emptyset; 2; (R(x,y) \lor P(x) \lor P(x) \lor P(y); \emptyset; (x,y) \neq (v,v)))$$ 

$$\Rightarrow_{\mathrm{Skip}} (\Gamma'; N; \emptyset; 2; (R(x,y) \lor P(x) \lor P(x) \lor P(y); \emptyset; (x,y) \neq (v,v)))$$ 

$$\Rightarrow_{\mathrm{Factorize}} (\Gamma'; N; \emptyset; 2; (R(x,y) \lor P(x) \lor P(y); \emptyset; (x,y) \neq (v,v)))$$ 

$$\Rightarrow_{\mathrm{Backjump}(3)} ((R(x,x);\top)^{C_1}, (\neg R(x,y); (x,y) \neq (v,v))^{1}; N; \{R(x,y) \lor P(x) \lor P(y)\}; 1; \top)$$ 


Remark 3.8 We also wish to note that the current formulation of the calculus handles blocking decisions and learning blocking clauses asymmetrically in the following sense. 

Let $\mathcal{D} = \{a,b,c\}$, $N = \{P(x,x),\ Q(x,a),\ \neg Q(x,y) \lor P(x,y) \lor P(x',y)\}$, and $\Gamma = (P(x,x);\top)^{P(x,x)}, (Q(x,a);\top)^{Q(x,a)}$. 

Then the decision $(\neg P(x,y); (x,y) \neq (z,z))$ is blocked by $\neg Q(x,y) \lor P(x,y) \lor P(x',y)$. We could use factorization and learn $\neg Q(x,y) \lor P(x,y)$, but instead we rather throw away the decision candidate and try another. 

On the other hand, if in some regular run (see Definition 5.2) a conflict state of the form 

$$(\Gamma', \ell; N'; U'; k; (\neg Q(x,y) \lor P(x,y) \lor P(x',y); \{y \leftarrow a\}; x \neq a \land x' \neq a))$$ 

with $\ell = (\neg P(x,y); (x,y) \neq (z,z))$ arises, we choose Factorize over learning a blocking clause outright - there is indeed a blocking instance - and learn the assertive and not-blocking $\neg Q(x,y) \lor P(x,y)$ in the end. 


3.3 Example 

Example 3.9 As an example, we present a derivation which constructs a model over $\mathcal{D} = \{a,b,c\}$ for the clause set 

$$N = \{\ C_1 : \neg P(c,x,x),\ C_2 : \neg P(x,y,z) \lor \neg P(u,w,t) \lor Q(x,u),\ C_3 : \neg P(x,y,z) \lor \neg Q(a,x),\ C_4 : \neg Q(x,b) \lor \neg P(x,y,z)\ \}$$ 

The run below is by no means optimal - any sensible heuristic would choose the negative assignment for $P$ outright - but it is a valid derivation, and serves well as a demonstration of the syntactic behavior. 

$$(\epsilon; N; \emptyset; 0; \top)$$ 

$$\Rightarrow_{\mathrm{Propagate}} ((\neg P(c,x,x);\top)^{C_1}; N; \emptyset; 0; \top)$$ 

$$\Rightarrow_{\mathrm{Decide}} ((\neg P(c,x,x);\top)^{C_1}, (P(x,y,z); x \neq c)^{1}; N; \emptyset; 1; \top)$$ 

$$\Rightarrow_{\mathrm{Propagate}} ((\neg P(c,x,x);\top)^{C_1}, (P(x,y,z); x \neq c)^{1}, (\neg Q(a,x); x \neq c)^{C_3}; N; \emptyset; 1; \top)$$ 

$$\Rightarrow_{\mathrm{Conflict}} (\ldots; N; \emptyset; 1; (\neg P(x,y,z) \lor \neg P(u,w,t) \lor Q(x,u); \{x \leftarrow a\}; u \neq c))$$ 

$$\Rightarrow_{\mathrm{Resolve}} (\ldots; N; \emptyset; 1; (\neg P(a,y,z) \lor \neg P(u,w,t) \lor \neg P(u,y',z'); \emptyset; u \neq c))$$ 

$$\Rightarrow_{\mathrm{Skip}} (\ldots, (P(x,y,z); x \neq c)^{1}; N; \emptyset; 1; (\neg P(a,y,z) \lor \neg P(u,w,t) \lor \neg P(u,y',z'); \emptyset; u \neq c))$$ 

$$\Rightarrow_{\mathrm{Factorize}} (\ldots, (P(x,y,z); x \neq c)^{1}; N; \emptyset; 1; (\neg P(a,y,z) \lor \neg P(u,w,t); \emptyset; u \neq c))$$ 

$$\Rightarrow_{\mathrm{Factorize}} (\ldots, (P(x,y,z); x \neq c)^{1}; N; \emptyset; 1; (\neg P(a,y,z); \emptyset; \top))$$ 

Let $U_1 = \{C_5 : \neg P(a,y,z)\}$. 

$$\Rightarrow_{\mathrm{Backjump}(2)} ((\neg P(c,x,x);\top)^{C_1}; N; U_1; 0; \top)$$ 

$$\Rightarrow_{\mathrm{Propagate}} ((\neg P(c,x,x);\top)^{C_1}, (\neg P(a,y,z);\top)^{C_5}; N; U_1; 0; \top)$$ 

$$\Rightarrow_{\mathrm{Decide}} ((\neg P(c,x,x);\top)^{C_1}, (\neg P(a,y,z);\top)^{C_5}, (P(b,y,z);\top)^{1}; N; U_1; 1; \top)$$ 

$$\Rightarrow_{\mathrm{Propagate}} (\ldots, (P(b,y,z);\top)^{1}, (Q(x,u) \cdot \sigma_1; \top)^{C_2}; N; U_1; 1; \top)$$ 

where $\sigma_1 = \{x \leftarrow b, u \leftarrow b\}$. 

$$\Rightarrow_{\mathrm{Conflict}} (\ldots, (Q(x,u) \cdot \sigma_1; \top)^{C_2}; N; U_1; 1; (\neg Q(x,b) \lor \neg P(x,y,z); \{x \leftarrow b\}; \top))$$ 

$$\Rightarrow_{\mathrm{Resolve}} (\ldots; N; U_1; 1; (\neg P(x,y,z) \lor \neg P(x,y',z') \lor \neg P(b,w,t); \{x \leftarrow b\}; \top))$$ 

$$\Rightarrow_{\mathrm{Skip}} (\ldots, (P(b,y,z);\top)^{1}; N; U_1; 1; (\neg P(x,y,z) \lor \neg P(x,y',z') \lor \neg P(b,w,t); \{x \leftarrow b\}; \top))$$ 

$$\Rightarrow_{\mathrm{Factorize}} (\ldots, (P(b,y,z);\top)^{1}; N; U_1; 1; (\neg P(x,y,z) \lor \neg P(b,w,t); \{x \leftarrow b\}; \top))$$ 

$$\Rightarrow_{\mathrm{Factorize}} (\ldots, (P(b,y,z);\top)^{1}; N; U_1; 1; (\neg P(b,y,z); \emptyset; \top))$$ 

$$\Rightarrow_{\mathrm{Backjump}(2)} ((\neg P(c,x,x);\top)^{C_1}, (\neg P(a,y,z);\top)^{C_5}; N; U_1 \cup \{\neg P(b,y,z)\}; 0; \top)$$ 

$$\Rightarrow_{\mathrm{Propagate}} ((\neg P(c,x,x);\top)^{C_1}, (\neg P(a,y,z);\top)^{C_5}, (\neg P(b,y,z);\top)^{C_6}; N; U_2; 0; \top)$$ 

where $U_2 = U_1 \cup \{C_6 : \neg P(b,y,z)\}$. 

$$\Rightarrow_{\mathrm{Decide}} (\ldots, (\neg P(b,y,z);\top)^{C_6}, (\neg P(c,y,z); (y,z) \neq (v,v))^{1}; N; U_2; 1; \top)$$ 

$$\Rightarrow_{\mathrm{Decide}} (\ldots, (\neg P(c,y,z); (y,z) \neq (v,v))^{1}, (Q(x,y);\top)^{2}; N; U_2; 2; \top)$$ 

$$\Rightarrow_{\mathrm{Success}} (\ldots, (\neg P(c,y,z); (y,z) \neq (v,v))^{1}, (Q(x,y);\top)^{2}; N; U_2; -1; \top)$$ 
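The conflict search and conflict resolution rules of Section 3, restricted to the ground (propositional) case, as an added example that is not part of the paper or of any NRCL implementation. Ground clauses are stored as sets of literals, so they are already exhaustively factorized and Factorize never applies (the situation the text contrasts with the first-order case); decisions are never blocked, since a single ground assignment cannot falsify two distinct literals of one clause; the decision heuristic (first undefined atom in name order, assumed true) and the backjump level (the largest level below the asserting literal, i.e. the smallest level at which the learned clause propagates) are assumptions of the example. The sample clause sets are constructed.

```python
from typing import FrozenSet, List, Optional, Tuple

# Constructed ground (propositional) instance of NRCL's conflict search and
# conflict resolution. Literals are (atom, polarity); a clause is a frozenset
# of literals, so ground clauses are already exhaustively factorized and
# Factorize is never needed (as the text notes for propositional CDCL).
Lit = Tuple[str, bool]
Clause = FrozenSet[Lit]


def neg(lit: Lit) -> Lit:
    return (lit[0], not lit[1])


class GroundNRCL:
    def __init__(self, clauses):
        self.N: List[Clause] = [frozenset(c) for c in clauses]
        self.U: List[Clause] = []              # learned clauses
        self.trail = []                        # (literal, level, reason); reason None = decision
        self.k = 0                             # current decision level

    def value(self, lit: Lit) -> Optional[bool]:
        for t, _, _ in self.trail:
            if t[0] == lit[0]:
                return t[1] == lit[1]
        return None                            # undefined

    def level_of(self, lit: Lit) -> int:
        return next(lvl for t, lvl, _ in self.trail if t[0] == lit[0])

    def conflict(self) -> Optional[Clause]:
        # Conflict: some clause is false under the trail
        for c in self.N + self.U:
            if all(self.value(l) is False for l in c):
                return c
        return None

    def propagate(self) -> bool:
        # Propagate: all literals but one are false, the remaining one is undefined
        for c in self.N + self.U:
            undef = [l for l in c if self.value(l) is None]
            if len(undef) == 1 and all(self.value(l) is False for l in c - {undef[0]}):
                self.trail.append((undef[0], self.k, c))
                return True
        return False

    def decide(self) -> bool:
        # Decide: the first undefined atom (in name order) is assumed true; ground
        # decisions are never blocked, since one assignment cannot falsify two
        # distinct literals of a clause
        for c in self.N + self.U:
            for atom in sorted(a for a, _ in c):
                if self.value((atom, True)) is None:
                    self.k += 1
                    self.trail.append(((atom, True), self.k, None))
                    return True
        return False

    def resolve_conflict(self, c: Clause) -> bool:
        # Skip / Resolve from the right end of the trail until the conflict clause
        # is assertive (exactly one top-level literal), or empty at level 0
        while True:
            top = [l for l in c if self.level_of(l) == self.k]
            if self.k > 0 and len(top) == 1:
                return self.backjump(c, top[0])
            if not c:
                return self.backjump(c, None)
            lit, _, reason = self.trail[-1]
            if neg(lit) in c:                  # Resolve with the reason clause
                c = (c - {neg(lit)}) | (reason - {lit})
            self.trail.pop()                   # Skip: the literal cannot contribute again

    def backjump(self, c: Clause, asserting: Optional[Lit]) -> bool:
        self.U.append(c)
        if asserting is None:
            return False                       # empty clause learned: Failure
        lower = [self.level_of(l) for l in c if l != asserting]
        self.k = max(lower, default=0)         # smallest level at which c propagates
        self.trail = [e for e in self.trail if e[1] <= self.k]
        return True

    def run(self, max_steps: int = 100000) -> str:
        # regular-run order: Failure, Conflict, Propagate, Decide, Success
        for _ in range(max_steps):
            if any(len(c) == 0 for c in self.N + self.U):
                return "UNSAT"
            c = self.conflict()
            if c is not None:
                if not self.resolve_conflict(c):
                    return "UNSAT"
            elif not self.propagate() and not self.decide():
                self.k = -1
                return "SAT"
        raise RuntimeError("step budget exhausted")

    def model(self):
        return {t[0]: t[1] for t, _, _ in self.trail}


def lit(s: str) -> Lit:
    """'~p' -> ('p', False), 'p' -> ('p', True)."""
    return (s[1:], False) if s.startswith("~") else (s, True)


def solve(clause_strs):
    """Clauses as whitespace-separated literal strings; returns (result, learned, model)."""
    solver = GroundNRCL([[lit(s) for s in c.split()] for c in clause_strs])
    return solver.run(), solver.U, solver.model()
```

On the constructed set `~p q`, `~p ~q r`, `~r s`, `~q ~s`, the decision $p$ propagates $q$, $r$, $s$ and falsifies the last clause; resolution walks back over the three reason clauses until the clause $\neg p$ is assertive, Backjump returns to level 0, and $\neg p$ is then propagated from the learned clause, exactly the shape of the first conflict in Example 3.9 with the constraints and closures stripped away.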


4 Soundness 

Now, we show soundness. The following state invariant defines a consistency notion for states. 

Definition 4.1 A state $(\Gamma; N; U; k; s)$ is sound if and only if the following hold: 

1. $\Gamma$ is a consistent sequence of constrained literals 

2. $\Gamma$ is well-formed, i.e. 

(a) if $k \geq 0$ then $\Gamma$ contains exactly $k$ decisions 

(b) for each $i$ from $1, 2, \ldots, k$, there is a unique $(L;\pi)^{i} \in \Gamma$ 

(c) the decisions occur in $\Gamma$ in the order of their levels 

(d) for each decomposition $\Gamma = \Gamma_1, (L;\pi)^{i}, \Gamma_2$; $(L;\pi)^{i}$ satisfies the conditions of Decide w.r.t. $\Gamma_1$, $N$, and $U$ 

(e) for each decomposition $\Gamma = \Gamma_1, (L \cdot \sigma; \pi)^{C \lor L}, \Gamma_2$; $(C\sigma;\pi)$ is false under $\Gamma_1$, and $(L\sigma;\pi)$ satisfies the conditions for Propagate w.r.t. $\Gamma_1$ and $C \lor L$ 

3. $N \models U$ 

4. $s = \bot$ implies $\bot \in N \cup U$ 

5. $k = -1$ implies $I_\Gamma \models N$ 

6. if $s = (C;\sigma;\pi)$ then $(C\sigma;\pi)$ is false under $\Gamma$, $N \models C$, and $(C\sigma;\pi)$ is not empty. 

A rule is called sound iff it preserves the soundness of its left-hand side state. 

It is easy to see that the initial state $(\epsilon; N; \emptyset; 0; \top)$ is always sound. Furthermore, soundness is an invariant, since each rule preserves this property, as proven below. 

Theorem 4.2 The rules of NRCL are sound. 

Proof: The soundness of Propagate, Decide, Conflict, and the terminal rules Failure and Success is straightforward to prove from the definitions themselves, and therefore, we entrust it to the reader. 

In the case of Skip, dropping the right-most literal $(L' \cdot \sigma'; \pi')^{\alpha}$ from $\Gamma$ does preserve the well-formedness and consistency properties of $\Gamma$. $N \models U$ remains unchanged and the rest of the conditions are irrelevant in this case, except for the last one. 

Now, assume the last property does not hold after applying Skip. It is only possible if some ground clause $C''$ from $\mathrm{gnd}(C\sigma;\pi)$ were false under $\Gamma, (L' \cdot \sigma'; \pi')^{\alpha}$, but is undefined under $\Gamma$. Thus, $(L'\sigma';\pi')$ must have made it false, and therefore, for some $\delta$ and $L'' \in C''$, $L'' = \neg L'\sigma'\delta$ and $\pi'\delta$ is true. 

Let $L$ be the literal in $C$ corresponding to $L''$. Then, the most general unifier $\eta$ of $\neg L\sigma$ and $L'\sigma'$ must exist and $C'' \in \mathrm{gnd}(C\sigma\eta; \pi\eta, \pi'\eta)$, which is therefore not empty. This violates the preconditions of Skip, a contradiction. 

For Resolve, it is enough to see that the new clause is a consequence of $N$, and the new state indicator $((C \lor C')\eta_0; \sigma^*; \pi\eta, \pi'\eta)$ is unsatisfiable under $\Gamma$, using the notations of the definition for Resolve. 

The first claim follows from the soundness of the left-hand side and from the soundness of resolution. As for the second claim, we make the following observations: 

• $(C \lor C')\eta_0\sigma^* = (C \lor C')\sigma\sigma'\eta$ 

• Each instance from $\mathrm{gnd}(C'\sigma'\eta; \pi'\eta)$ is false under the current trail, as per the well-formedness conditions for derived literals. 

• Each instance from $\mathrm{gnd}(C\sigma\eta; \pi\eta)$ is false under the trail by the soundness of the left-hand side. 

From these it follows that each ground clause from $\mathrm{gnd}((C \lor C')\sigma\sigma'\eta; \pi\eta, \pi'\eta)$ is false under the current trail. 

The soundness of Factorize can be proven analogously, and the proof for Backjump is straightforward. We entrust them to the reader. Qed. 

Next, we define runs, i.e. sound derivations in our calculus. 

Definition 4.3 A run (from a clause set $N$) is a sequence of states such that each subsequent state is derived with a rule from the previous one, and the initial state is a sound state (with $N$ as the original clause set). 

A direct consequence of Theorem 4.2 is that each state in a run is sound, and in particular, for each conflict resolution state $(\Gamma; N; U; k; (C;\sigma;\pi))$, each ground clause from $\mathrm{gnd}(C\sigma;\pi)$ is false w.r.t. $\Gamma$. 

Theorem 4.4 (Soundness) The calculus NRCL is sound, i.e. if a run terminates with the Failure, or Success rules, then the starting set $N$ is unsatisfiable, and satisfiable, respectively. Furthermore, in the latter case the trail upon termination defines a model of $N$. 

Proof: It follows immediately from the definitions and Theorem 4.2. Qed. 

5 Regular Runs 

In this section, we define a strategy for NRCL in the form of regular runs, which is sufficient to prove both non-redundant clause learning and termination in the later sections. 

Definition 5.1 A sound state $(\Gamma; N; U; k; s)$ is regular iff the following hold: 

• If $\Gamma = \Gamma', (L \cdot \sigma; \pi)^{\alpha}$, then no clause from $N \cup U$ is false w.r.t. $\Gamma'$. 

• For all decompositions $\Gamma = \Gamma_1, (L;\pi)^{i}, \Gamma_2$ with decision $(L;\pi)^{i}$, Propagate is exhausted w.r.t. $\Gamma_1$ and $N \cup U$. 

We note that the last assignment on the trail might still make some clauses false, and the initial state $(\epsilon; N; \emptyset; 0; \top)$ is always regular. 

Definition 5.2 We call a run regular iff the following hold: 

• The starting state is regular. 

• During conflict search, rules are always applied in this order exhaustively: terminal rules, Conflict, Propagate, Decide. (Or Failure, Conflict, Propagate, Decide, Success, if we test success through exhausted conflict search.) 

• In conflict resolution Backjump is always applied as soon as possible, and it backtracks to a regular state. 

Lemma 5.3 Regular runs preserve regularity, i.e. every state in a regular run is regular. 

Proof: It follows from the definitions; we only note that backjumping to a state which is regular w.r.t. the new learned clause set as well is always possible. If nothing else, the empty trail is always a valid choice. Qed. 

The backtrack-level proposed in the proof above is not practical, of course. For more details on a more accurate backjumping to a regular state see Section 8. 

Below, we show some useful properties of regular runs. 

Lemma 5.4 In a regular run the following hold: 

(1) For any deduced literal $(L \cdot \sigma; \pi)^{C \lor L}$ of level $k$ on the trail with $k > 0$, each ground clause in $\mathrm{gnd}((C \lor L)\sigma; \pi)$ contains at least two literals of level $k$. 

(2) If $(C;\sigma;\pi)$ represents false clauses in some conflict state, then each ground clause in $\mathrm{gnd}(C\sigma;\pi)$ contains at least two top-level literals, if the state is the result of an application of Conflict, and at least one top-level literal otherwise. 

(3) If a clause $C$ is learned according to the case Backjump-(3), then it blocks the former top-level decision. 

Proof: First, assume $(L \cdot \sigma; \pi)$ is a deduced literal and it was implied by $(C \lor L; \sigma; \pi)$ w.r.t. $\Gamma$, which was the current trail before the corresponding application of Propagate. 

Let $k$ be the level of the right-most decision in $\Gamma$, and $C' \lor L'$ a ground clause from $\mathrm{gnd}((C \lor L)\sigma; \pi)$ such that $L'$ corresponds to $L$. Then $L'$ is of level $k$, of course. 

Furthermore, if no other literal in $C'$ is of level $k$, $C' \lor L'$ would have implied $L'$ before the last decision, which contradicts the exhaustive application of Propagate. Thus, $C' \lor L'$ must contain at least two literals of level $k$. 

Second, since conflicts are found immediately, any conflicting non-empty ground clause $C'$ must contain at least one top-level literal. A conflicting ground clause with a single top-level literal, however, would contradict the exhaustive application of Propagate. Thus, after applying Conflict, every ground clause in the conflict-set contains at least two top-level literals. It only remains to show that the rules Resolve, Skip, and Factorize preserve the weaker property of having at least one top-level literal. Obviously, e.g. Factorize can break the stronger property. 

We only prove this for Resolve; the rest can be shown similarly. Assume that at an application of Resolve $(L' \cdot \sigma'; \pi')^{C' \lor L'}$ is the involved deduced literal, $(C \lor \neg L; \sigma; \pi)$ represents the false clauses before, and $((C \lor C')\eta_0; \sigma^*; \pi\eta, \pi'\eta)$ after applying the rule, where $\eta = \mathrm{mgu}(L'\sigma', L\sigma)$, $\eta_0 = \mathrm{mgu}(L', L)$, and $\sigma^*$ such that $\eta_0\sigma^* = \sigma\sigma'\eta$. 

It is easy to see that for every ground clause 

$$(C_0 \lor C'_0) \in \mathrm{gnd}((C \lor C')\sigma\sigma'\eta; \pi\eta, \pi'\eta)$$ 

there are corresponding ground clauses $(C'_0 \lor L'_0) \in \mathrm{gnd}((C' \lor L')\sigma'\eta; \pi'\eta)$ and $(C_0 \lor \neg L_0) \in \mathrm{gnd}((C \lor \neg L)\sigma\eta; \pi\eta)$ whose resolvent is exactly $(C_0 \lor C'_0)$, and $L_0$, $L'_0$ correspond to $L$ and $L'$, respectively, and $L_0 = L'_0$. 

Then, by the first claim of this lemma, $C'_0$ must contain at least one top-level literal, and so does $C_0 \lor C'_0$. 

Finally, assume $C$ is learned when case (3) of Backjump is applied to the state 

$$(\Gamma, (L;\pi)^{k}; N; U; k; (C;\sigma;\pi))$$ 

Now, let $(C' \lor L'_1 \lor \cdots \lor L'_s) \in \mathrm{gnd}(C\sigma;\pi)$ be an arbitrary ground clause, where $L'_1, \ldots, L'_s$ denote the top-level literals of the clause. 

By (2), $s \geq 1$, and, since $(C\sigma;\pi)$ has no assertive clause, even $s \geq 2$ must hold. We also know that Factorize was not applicable, thus, for any $i \neq j$ from $1, \ldots, s$, $L'_i \neq L'_j$ holds. Thus, $C$ blocks the decision $(L;\pi)$ w.r.t. $\Gamma$, as witnessed by the ground clause above. Qed. 

It can also be shown that if there is an immediate conflict after a decision in a regular run, Factorize is applied next. 
Lemma 5.5 Assume 

$$(\Gamma, (L;\pi)^{k}; N; U; k; \top) \Rightarrow_{\mathrm{Conflict}} (\Gamma, (L;\pi)^{k}; N; U; k; (C;\sigma';\pi'))$$ 

is a valid subderivation in a regular run. Then Factorize, and only Factorize, is applicable to the conflict state $(\Gamma, (L;\pi)^{k}; N; U; k; (C;\sigma';\pi'))$. 

Proof: Obviously, Resolve and Skip cannot be applied. Furthermore, if case Backjump-(3) were applicable, there would be a ground clause in $\mathrm{gnd}(C\sigma';\pi')$ blocking the last decision, a contradiction. 

Also, there cannot be any ground clause in $\mathrm{gnd}(C\sigma';\pi')$ with a single top-level literal, since otherwise Propagate would not have been applied exhaustively before the decision. And $C = \bot$ cannot hold either, as otherwise Failure should have been applied earlier. Thus, the other cases of Backjump do not apply either. 

Finally, let $C_0$ be a ground clause from $\mathrm{gnd}(C\sigma';\pi')$. This clause exists, and must contain at least two top-level literals, see Lemma 5.4 (2). These literals are falsified by the last decision, and do not block the decision. 

Let $L_0$, $K_0$ be two such literals and $C_0 = C'_0 \lor L_0 \lor K_0$. Then these literals are equal, and the corresponding literals $L_1$, $K_1$ in $C\sigma'$ are unifiable. 

Then Factorize is applicable unifying $L_1$ and $K_1$, and $C'_0 \lor L_0$ can be used to prove the non-emptiness condition. Qed. 


6 Redundancy 

We define redundancy w.r.t. the induced ordering $<_\Gamma$ in the standard way: 

Definition 6.1 A ground clause $C$ is redundant w.r.t. a ground clause set $N$ (and $<_\Gamma$) iff 

$$C \in N, \quad \text{or} \quad \exists S \subseteq N,\ S <_\Gamma C : S \models C$$ 

A first-order clause $C$ is redundant w.r.t. the first-order clause set $N$ (and $<_\Gamma$) iff 

$$\forall C' \in \mathrm{gnd}(C) : C' \text{ is redundant w.r.t. } \mathrm{gnd}(N)$$ 

If redundancy does not hold, we call the corresponding clause non-redundant, or irredundant. 

6.1 Learning Non-Redundant Clauses 

First, we show that each learned clause is non-redundant w.r.t. the current clause set and induced ordering. 

The most important consequence of this theorem is that checking the learned clauses for redundancy criteria which are independent of the concrete induced orderings can be spared. 

Such admissible criteria include subsumption, subsumption resolution and tautologies, as is shown in the next subsection. 

Theorem 6.2 (Non-redundant Clause Learning) Let $\Gamma$ denote the trail at a conflict in a regular run, $<_\Gamma$ the induced ordering, and assume the clause $C$ is learned via the Backjump rule, and let $N$ and $U$ be the starting clause set and the set of learned clauses before the conflict, respectively. 

Then, $C$ is not redundant w.r.t. $N \cup U$ and $<_\Gamma$. 
Proof: Assume the first and last state in conflict resolution are 

$$(\Gamma; N; U; k; (C_0; \sigma_0; \pi_0)) \quad \text{and} \quad (\Gamma'; N; U; k; (C; \sigma_1; \pi_1))$$ 

By soundness, $N \cup U \models C$ and each $C' \in \mathrm{gnd}(C\sigma_1;\pi_1)$ is false w.r.t. both $\Gamma'$ and $\Gamma$. 

Now let $C' \in \mathrm{gnd}(C\sigma_1;\pi_1)$ and assume there is an $S \subseteq \mathrm{gnd}(N \cup U)$ such that $S \models C'$ and $S <_\Gamma C'$. Because of $S <_\Gamma C'$, each $C'' \in S$ has a defined truth-value w.r.t. $\Gamma$. If every $C'' \in S$ is true, then, by $S \models C'$, so is $C'$, a contradiction. 

Thus, let $C'' \in S$ be arbitrary such that $C''$ is false under $\Gamma$. We distinguish two cases: whether $\Gamma'$ is a strict prefix of $\Gamma$, or equal to it. 

First, if $\Gamma' \neq \Gamma$, at least one Skip had to be used, and $C'$ contains no literal covered by the right-most literal of $\Gamma$. Neither does $C''$, since $C'' <_\Gamma C'$. But then, $C''$ has a defined truth-value already without the right-most literal, and it can only be true, as otherwise an earlier conflict detection would have been possible. A contradiction. 

Second, assume $\Gamma' = \Gamma$. If the right-most literal is a decision, no false clause from $\mathrm{gnd}(C_0\sigma_0;\pi_0)$ blocks this decision, and Factorize had to be applied several times followed by an application of case (2) of Backjump. (See also Lemma 5.5 on immediate conflicts.) 

Let now $C'$ be such that it contains only a single top-level literal. Since case (2) of Backjump was used, such a clause from $\mathrm{gnd}(C\sigma_1;\pi_1)$ exists. Since $C''$ is false and it was undefined before, it contains some top-level literals. 

Since it was not a subject of Propagate before the right-most decision, it has to contain at least two such literals. But $C'$ contains only one, and therefore $\mathrm{def}(C') <_\Phi \mathrm{def}(C'')$ and $C' <_\Gamma C''$ must hold, a contradiction. 

Finally, if $\Gamma = \Gamma'$ and the right-most literal is not a decision, the last rule had to be Backjump (case 1 or 2), and the same argumentation holds: If an assertive clause is learned, let $C'$ be an instance from $\mathrm{gnd}(C\sigma_1;\pi_1)$ such that it contains only a single top-level literal. However, $C''$ must contain at least two top-level literals, which again leads to $C' <_\Gamma C''$, a contradiction. If $C = \bot$ is learned, it is smaller than any non-empty clause, and due to regularity, $\bot$ is a newly learned clause. Qed. 

6.2 Admissible Redundancies 

Next, we show that the classic redundancy criteria tautology, strict subsumption, and subsumption resolution are admissible redundancies in NRCL, i.e. the clauses these rules remove are indeed redundant w.r.t. any induced ordering.

Proposition 6.3 (Tautology) Let $C$ be a clause and $N$ an arbitrary clause set.

If $\models C$ holds, then $C$ is redundant w.r.t. $N$.

Proof: Clearly, any ground instance of $C$ is a ground tautology and redundant, since it follows from the empty set, which "contains" only smaller clauses. Qed.

Furthermore, we also note that removing C has no effect on any run of 
the calculus, since no instance of C can be ever a conflict clause or imply an 
assignment. 

Proposition 6.4 (Strict Subsumption) Let $C, D$ be clauses, $\sigma$ a substitution, and $N$ a set of clauses.

If $C\sigma \subset D$, then $D$ is redundant w.r.t. $N \cup \{C\}$.

Proof: Let $D\delta$ be a ground instance of $D$. Then $C\sigma\delta \subset D\delta$ and $C\sigma\delta <_\Gamma D\delta$ hold, for any induced ordering $<_\Gamma$. The latter holds because $\mathrm{def}(C\sigma\delta) <_P \mathrm{def}(D\delta)$ holds in the abstract ordering.

Thus, $D\delta$ is redundant w.r.t. $\{C\sigma\delta\}$, and so is $D$ w.r.t. $N \cup \{C\}$, and strict subsumption is admissible. Qed.

Similarly to tautology, removing a subsumed clause has little effect on the 
calculus, since whenever the subsumed clause is a conflict or a reason clause, 
the subsuming clause is either a conflict clause or implying the same assignment 
as well. 

Proposition 6.5 (Subsumption Resolution) Let $C, D$ be clauses, $L$ a literal, $\sigma$ a substitution, and $N$ a clause set.

If $C\sigma \subseteq D$ holds, then $D \vee \neg L\sigma$ is redundant w.r.t. $N \cup \{C \vee L, D\}$.

Proof: Redundancy clearly holds as $D$ subsumes $D \vee \neg L\sigma$. Furthermore, we note that exchanging $D \vee \neg L\sigma$ with $D$ in the presence of $C \vee L$ is a sound step. Thus, subsumption resolution as a rule for reducing a clause is admissible. Qed.


7 Termination and Completeness 

Just as most related calculi, NRCL is a decision procedure for BS as well, under the regularity conditions of Definition 5.2. Below, we show that regular runs never get stuck and eventually terminate.

Proposition 7.1 A regular run is never stuck, i.e. it terminates with the terminal rules, or one of the other rules is applicable.

Proof: It is enough to show that, unless we have already terminated, a rule is always applicable. First, we show that conflict search cannot get stuck.

If $\bot$ is already in one of the clause sets, Failure is applicable and we terminate. Thus, w.l.o.g. assume $\bot \notin N \cup U$.

Assume $\Gamma$ is total, i.e. defines each ground atom. Then $I_\Gamma$ defines all ground atoms occurring in $\mathrm{gnd}(N)$, and it either satisfies $N$ or there is a false ground clause from $\mathrm{gnd}(N \cup U)$. In the first case, Success is applicable, and Conflict in the second case.

If $\Gamma$ is not total, and some undefined ground literal is implied by some ground clause, Propagate is applicable. Otherwise, if no ground literal is implied and there is an undefined ground atom, we can always apply Decide. We note that decisions which define only a single ground atom are never blocked.

Second, assume we are resolving a conflict, i.e. the state indicator is $(C; \sigma; \pi)$ for some $C$, $\sigma$, and $\pi$. If the top literal in $\Gamma$ is a decision and $(C\sigma; \pi)$ is assertive, then Backjump is applicable. If it is not assertive, then either Factorize or case (3) of Backjump is applicable.

If the top literal is a deduced literal, and neither $C = \bot$ holds nor is $(C\sigma; \pi)$ assertive (in these cases Backjump is applicable), then we check the conditions of Skip. If Skip is not applicable, the state satisfies the conditions of Resolve. Therefore, either Skip, Factorize, or Resolve must be applicable in this case. Qed.

We show termination through a series of lemmas. First, we prove that both 
conflict search and conflict resolution always terminate: 
Lemma 7.2 Assume $N$, $\Sigma$ and $D$ are all finite. Then, a conflict search phase of a regular run always terminates, i.e. leads either to a conflict or to termination.

Proof: By the finiteness of $\Sigma$, we know that $A_\Sigma$ is also finite. Since a regular run is a series of sound steps, we also know that each application of Propagate and Decide defines at least one formerly undefined ground atom.

Thus, a regular run eventually exhausts these rules, and, since it cannot get stuck by Proposition 7.1, one of the rules Failure, Success, or Conflict has to be applied. Thereby, the conflict search phase in question ends. Qed.

Lemma 7.3 Assume $N$, $\Sigma$ and $D$ are all finite. Then, a conflict resolution phase of a regular run always terminates, i.e. leads to the application of Backjump in finitely many steps.

Proof: Let us assign to each intermediate state $(\Gamma; N; U; k; (C; \sigma; \pi))$ in a conflict resolution the tuple $(\#(\Gamma); \mathrm{gnd}(C\sigma; \pi))$ as a measure, where $\#(\Gamma)$ denotes the number of elements in $\Gamma$.

Let us order these tuples with the lexicographic ordering $<_{lex}$ based on the canonical ordering over non-negative integers and $<_0$, where $<_0$ denotes both the ordering induced by the trail after finding the conflict, and its multiset extension. This ordering is well-founded.

We note that conflict resolution cannot get stuck, see Proposition 7.1. Therefore, it is enough to show that each application of the rules Skip, Resolve, and Factorize strictly decreases our measure.

Skip strictly decreases the size of $\Gamma$, and therefore our measure as well. In the case of Resolve and Factorize, it is enough to give a function satisfying the conditions of Proposition 2.26 between the false instances on the two sides, i.e. a function $\gamma$ which assigns ground clauses from the right-hand side conflict-set to larger ground clauses from the left-hand side conflict-set.

First, assume we apply Resolve to the state
$$(\Gamma, (L' \cdot \sigma'; \pi')^{C' \vee L'}; N; U; k; (C \vee L; \sigma; \pi))$$
and we get
$$(\Gamma, (L' \cdot \sigma'; \pi')^{C' \vee L'}; N; U; k; ((C \vee C')\eta_0; \sigma^*; \pi\eta, \pi'\eta))$$
where $\eta = \mathrm{mgu}(L'\sigma', \neg L\sigma)$, $\eta_0 = \mathrm{mgu}(L', \neg L)$, and $\sigma^*$ is such that $\eta_0\sigma^* = \sigma\sigma'\eta$. For the sake of readability, let us introduce the symbols $\alpha = \sigma\sigma'\eta$ and $\pi^* = \pi\eta, \pi'\eta$.

Now, let $\beta$ be a grounding substitution such that $(C \vee C')\alpha\beta \in \mathrm{gnd}((C \vee C')\alpha; \pi^*)$. Since it was derived via resolution, there is a corresponding valid ground resolution step with premises

• $C_1 \vee L_1 \in \mathrm{gnd}((C \vee L)\alpha; \pi\eta)$

• $C_2 \vee L_2 \in \mathrm{gnd}((C' \vee L')\alpha; \pi'\eta)$

where we assume $L_1$ and $L_2$ are the literals corresponding to $L$ and $L'$, respectively. Since we apply resolution, we also know that $L_1 = \neg L_2$, and $(C \vee C')\alpha\beta = C_1 \vee C_2$.

By the definition of sound states and Propagate, we know that $C_2$ contains only literals which were defined before the last assignment, and thus, $C_2 <_0 \neg L_2$, and therefore $C_2 <_0 L_1$. Then, $C_1 \vee C_2 <_0 C_1 \vee L_1$ must hold, and thus, we shall define $\gamma(C_1 \vee C_2)$ as $C_1 \vee L_1$.

Since $\gamma$ can be defined over the whole $\mathrm{gnd}((C \vee C')\alpha; \pi^*)$ and $\mathrm{gnd}((C \vee L)\alpha; \pi\eta)$ is a subset of $\mathrm{gnd}((C \vee L)\sigma; \pi)$, we can apply Proposition 2.26 and we get
$$\mathrm{gnd}((C \vee L)\sigma; \pi) >_0 \mathrm{gnd}((C \vee C')\alpha; \pi^*)$$
and our measure strictly decreases, as the size of the trail is unchanged. The proof for Factorize is analogous. Qed.

Next, we show that only finitely many new clauses can be learned, thanks to our non-redundancy result in Theorem 6.2.

Lemma 7.4 If $N$, $\Sigma$ and $D$ are finite, a regular run can only learn finitely many new clauses.

Proof: We use Higman's Lemma [?] to prove this claim. The lemma states that given an infinite sequence $w_1, w_2, \ldots$ of words over a finite alphabet, there are always an index $i$ and a subsequent index $j$ such that the word $w_i$ is embedded into $w_j$, i.e. after deleting some letters from $w_j$ we can get $w_i$.

Now, consider $A_\Sigma$. Since $\Sigma$ and $D$ are finite, both the set of ground atoms and the set of ground literals over $\Sigma$ and $D$ are finite. The latter serves as the finite alphabet for our proof.

Since every learned clause is non-redundant at the time it is learned, by Theorem 6.2, we can assign a non-redundant ground instance to any learned clause, by the definition of redundancy.

Assume we learn infinitely many clauses, and let us consider the assigned ground clauses $C_1, C_2, \ldots$, where $C_1$ is assigned to the clause learned at the first conflict, $C_2$ to the clause learned at the second, and so on.

Now, take any term ordering $>$, order the literals of the clauses, and assign this ordered sequence of literals to each clause. Let us denote this word over the alphabet of ground literals by $w(C)$ for every ground clause $C$.

Then, by Higman's Lemma, there are indices $i < j$ such that $w(C_i)$ is embedded in $w(C_j)$. But this means that $C_i \subseteq C_j$, i.e. $C_j$ is strictly subsumed by or equal to $C_i$.

The admissibility of strict subsumption was proven in Proposition 6.4, and clearly an already present ground clause cannot be non-redundant either, for any induced ordering. Thus, $C_j$ is redundant at the $j$th conflict, a contradiction. Qed.

Finally, we show termination, and state the main result as a corollary. 

Theorem 7.5 (Termination) A regular run always terminates if $N$, $\Sigma$ and $D$ are finite.

Proof: First, we note that a run can be seen as a series of conflict search and conflict resolution phases, which ideally ends with a terminal rule. By Lemma 7.2, Lemma 7.3 and Proposition 7.1 we know that each phase ends after finitely many steps without getting stuck.

Thus, an infinite run must be an infinite series of conflict search and resolution sequences. Since each conflict resolution ends with Backjump, this would imply that infinitely many new clauses are learned. But this contradicts Lemma 7.4. Qed.

Corollary 7.6 (Decision Procedure) Regular runs provide a decision procedure for the Bernays-Schönfinkel fragment if $N$, $\Sigma$ and $D$ are finite.

I.e. every regular run terminates after finitely many steps with Failure or Success, for an unsatisfiable or satisfiable clause set $N$, respectively.

Proof: It follows from Proposition 7.1 and Theorems 4.4 and 7.5. Qed.

8 Towards Implementation 

So far we have considered our calculus mostly in an abstract fashion, which is enough to establish the results of the previous chapters.

Here, we elaborate some details regarding the constraints, and refine some steps to bring NRCL closer to practical application. In particular, we provide an abstract algorithm for exhaustive propagation, to highlight some important difficulties and expensive steps in the calculus.

However, this section does not aim to provide a complete abstract algorithm for regular runs; we only briefly address some challenges and propose some solutions and approaches, which provide us with a starting point for later implementation and experimentation.

8.1 Free Variables 

The definition of normal form for constrained literals demands the left-hand side of a constraint to contain only variables occurring in the constrained literal. Our calculus derives new assignments, i.e. new constrained literals for $\Gamma$, by applying resolution between the literals in $\Gamma$ and the clauses in $N \cup U$.

However, even after normalization, the resulting candidate $(L \cdot \sigma; \pi)$ might contain free left-hand side variables, i.e. variables which occur in the reason clause instance $C\sigma$, and still occur in $\mathrm{lvar}(\pi)$, but do not occur in $L\sigma$. The following example demonstrates this behavior.

Example 8.1 Let us take
$$N = \{C_1 : \neg Q(x, x),\; C_2 : \neg Q(x, y) \vee \neg Q(x, z) \vee P(y, z)\}$$
and assume that after an application of Propagate and Decide we get the trail
$$\Gamma = (\neg Q(x, x); \top), (Q(x, y); (x, y) \neq (u, u))$$
Now, applying Propagate between $\Gamma$ and the clause $C_2$, we get the constrained literal
$$(P(y, z); (x, y) \neq (v, v) \wedge (x, z) \neq (w, w))$$
Over $D = \{a, b\}$, this constraint is satisfiable, the cover-set is $\{P(a, a), P(b, b)\}$, and after eliminating the free variable $x$ we get the constrained literals
$$(P(y, z); y \neq a \wedge z \neq a) \quad\text{and}\quad (P(y, z); y \neq b \wedge z \neq b)$$
Semantically, these variables are of course to be treated as existential variables. These variables cause two problems.
First, in the presence of these existentially handled variables our constrained literal set for difference defined in Lemma 2.16 is no longer valid. In particular, disjointness is no longer guaranteed.

A simple way to overcome this issue is to split the resulting literal into a set of literals by instantiating the free left-hand side variables with relevant constants, as seen in the example above. This elimination procedure results in a set of not necessarily disjoint constrained literals.

Second, while eliminating these variables is a solution, we still need to store 
the instantiating assignments. This information is used when applying the rules 
Resolve and Factorize during conflict resolution. This is already accomplished 
through using closures as introduced in Section 3. 

8.2 Indexing Scheme 

In the propositional setting, the watched literal scheme watches two literals in every non-unit clause. These literals are assumed to be true or undefined under the current model assumption, or all literals but a single watched literal are false in the clause.

Whenever a new assignment makes a watched literal false, we attempt to 
find a new non-false literal. If it is not possible, the other watched literal is 
propagated resulting either in a new assignment or a new conflict clause. 

This scheme enables efficient propagation at small computational costs as it 
cuts back the number of clauses we have to consider after a new assignment and 
requires no additional bookkeeping during backtrack. 

When lifting the scheme, we have to keep in mind that manipulating our 
constraints is more expensive. Therefore, a direct lifting of the technique by 
exactly maintaining which literals are watched in the different instances of a 
clause would be too expensive for our purposes. 

Here, we propose a lightweight approach which uses two levels of indexing 
the literals of the current clause set. Every clause is indexed by one of these 
levels, but not both. 

The first level attempts to mimic the two-watched-literal scheme, and indexes only two literals in the clauses. We can choose the interpretation of watching a literal $L$ as an approximation of "cannot be false" by selecting one of the following:

• $\nexists (L' \cdot \sigma; \pi) \in \Gamma : \exists\, \mathrm{mgu}(\neg L'\sigma, L)$

• $\nexists (L' \cdot \sigma; \pi) \in \Gamma : \exists \delta = \mathrm{mgu}(\neg L'\sigma, L)$ and $\pi\delta \neq \bot$

• $\nexists (L' \cdot \sigma; \pi) \in \Gamma : \exists \delta = \mathrm{mgu}(\neg L'\sigma, L)$ and $\pi\delta$ is not empty

Obviously, the last choice is the most expensive and the first two should be preferred.

Whenever a new assignment is made, we first try to adjust the watched literals on level one. If a clause no longer contains two appropriate literals, we push it to the second level. On this level we index all literals of the clauses, e.g. in a context tree with top-level symbol hashing.

Putting clauses back to level one can be done either by maintaining an activity heuristic and checking from time to time for watchable literals, or by managing lists of pointers for all clause-literals to relevant assignments on the trail.

This topology should make propagation cheaper, and in particular using level one should make it easier to ignore clauses irrelevant w.r.t. the recent assignments.

8.3 Finding Candidates 

Before we propose an abstract algorithm for exhaustive propagation, we intro¬ 
duce a simple derivation system for finding candidates. Of course, in the actual 
implementation this system will be replaced by more efficient algorithms on the 
indexing structures. 

The rules work on tuples of the form $(C; \sigma; \pi)^i$ where

• $C$ is a clause, a subclause of some initial clause $C_0$ from the current clause set

• $\sigma$ is a substitution over $\mathrm{var}(C_0)$

• $\pi$ is a dismatching constraint

• $i$ is the number of applications of the last assignment of the trail, which has relevance in the next section

The initial tuple for a clause $C_0 \in N \cup U$ is $(C_0; \emptyset; \top)^0$ and we try to resolve each literal in $C$ with the following rule:
$$(C \vee L; \sigma; \pi)^i \Rightarrow_\Gamma (C; \sigma\theta; \pi\theta \wedge \pi'\theta)^{i'}$$
where there is a $(\neg L' \cdot \sigma'; \pi') \in \Gamma$ such that

• $\exists \theta = \mathrm{mgu}(L\sigma, L'\sigma')$

• $(\pi\theta \wedge \pi'\theta) \neq \bot$ and normalized

• $i'$ is $i + 1$ if $(\neg L' \cdot \sigma'; \pi')$ is the last assignment in $\Gamma$, and $i$ otherwise

Applying this rule we can get candidates for the rules Conflict and Propagate by deriving, respectively, tuples of the form

• $(\bot; \sigma; \pi)^i$, or

• $(L; \sigma; \pi)^i$

We note that non-emptiness is not checked fully, only a cheaper precondition of it. Free left-hand side variables and already defined instances are not removed either.

8.4 Exhaustive Propagation 

In this section, we propose the abstract algorithm PROP for exhaustive propagation with conflict detection. It basically processes a queue $PQ$ of candidates for new assignments. As an invariant, we assume each constrained literal in the queue

1. has a normalized non-$\bot$ constraint,

2. is consistent with the current $\Gamma$,

3. contains no free left-hand side variable.

PROP

Initially, this queue consists of the literals induced by the unit clauses. Unit clauses have to be checked for contradiction prior to calling PROP. When called after decisions, $PQ$ is assumed to contain the immediate consequences of the decision. Checking for blocking should generate this set anyway.

PROP processes the literals on $PQ$. First, it removes already defined instances by calling the function DIFF. This produces a set of disjoint and undefined constrained literals, each of which is a valid subject of Propagate. See Section 2.3 for the definition of the difference operation "$-$", and see below for the abstract algorithm of DIFF.

These literals are then checked for emptiness, added to $\Gamma$ and set to true. Their consequences (conflicts and new candidates for $PQ$) are then generated by addConsequences.

We continue this process until $PQ$ gets empty, or a conflict is found. The first case indicates the finished exhaustive application of Propagate, and Decide can be called; in this case we return true. In the latter case, we return false, and the found conflict is stored in conflictSet.

In the course of this section, we use the symbol $\ell$ to denote annotated constrained literals, and the following auxiliary functions:

• pop: removes an element of a queue, list, or set

• notEmpty: carries out a full non-emptiness check for a constraint or constrained literal

• addAssignment: adds a new assignment to $\Gamma$ (and its indexing structures)

• cUNIF($\ell$, $\Gamma$): finds the literals in $\Gamma$ which are unifiable with $\ell$, and returns an array of them and its size

• NF: normalizes a constraint, constrained literal, or a set of constrained literals, as described in Subsection 2.2. In the latter case, it removes resulting literals with $\bot$-constraints.

• freeLVars: produces the set of free left-hand side variables of a constrained literal

• selectOne: randomly, or heuristically, selects an element of a set or a list

• adjustLevel1: adjusts the first index level for clauses after a new assignment given as parameter, as described in Subsection 8.2.

• getCandidates: provides the list of indexed clauses which contain a literal unifiable with the complement of a given literal


DIFF

It iteratively removes the already defined instances from the proposed assignment. The result is a set of disjoint and undefined constrained literals with non-$\bot$ constraints.
Function PROP(N, U, Γ, PQ)

    while PQ ≠ ∅ do
        ℓ = (L · σ; π)^C ← pop(PQ);
        Δ ← DIFF(ℓ, Γ);
        foreach ℓ' = (L' · σ'; π')^C ∈ Δ do
            if notEmpty(ℓ') then
                // Applying Propagate:
                addAssignment(Γ, ℓ');
                if addConsequences(N, U, Γ, ℓ', PQ) = false then return false;
            end
        end
    end
    return true;


Function DIFF(ℓ*, Γ)

    [ℓ₁, …, ℓₖ], k ← cUNIF(ℓ*, Γ);
    Δ₀ ← {ℓ*};
    for i = 1, …, k do
        Δᵢ ← NF(Δᵢ₋₁ − ℓᵢ);
    end
    return Δₖ;


elimFV

An auxiliary function for finding new candidates. It iteratively removes the free left-hand side variables, and only keeps the literals with non-$\bot$ normalized constraints.

addConsequences

Finally, addConsequences checks whether a new assignment produces a conflict and generates new candidates for $PQ$. It returns true if no conflict is found, and false otherwise. If a conflict is found, it is saved in conflictSet.

We distinguish two types of conflicts. It is easy to see that if the new assignment is used only once in deriving a conflict, then $PQ$ must already hold an unprocessed candidate which is falsified by the new assignment. Thus, we check $PQ$ first for a contradiction, and start generating new candidates with $\Rightarrow_\Gamma$ only afterwards.

We then use the derivation system of Subsection 8.3 to derive new constrained literals. We only consider derivations where the latest assignment is used at least once. If it is used only once, we can be sure the new literal is not false. If this is not the case, we check for a possible conflict.

As stated before, in the actual implementation the proper retrieval algorithms will eliminate the inefficiency of considering all derivations.

Finally, the new candidates are tested for free variables, which are removed if there are any.
Function elimFV(ℓ₀)

    // Prereq: NF(π) ≠ ⊥ for the constraint π of ℓ₀
    Δ, Δ* ← {ℓ₀}, ∅;
    while Δ ≠ ∅ do
        ℓ = (L · σ; π)^C ← pop(Δ);
        if freeLVars(ℓ) = ∅ then
            Δ* ← Δ* ∪ {ℓ};
        end
        else
            x ← selectOne(freeLVars(ℓ));
            // Instantiation with each constant from the domain:
            foreach d ∈ D do
                π' ← NF(π{x ← d});
                if π' ≠ ⊥ then Δ ← Δ ∪ {(L · σ{x ← d}; π')^C};
            end
        end
    end
    return Δ*
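The free-variable elimination of Example 8.1 and the elimFV routine above, as an added Python example that is not part of the paper: it normalizes dismatching constraints over the finite domain D = {a, b}, instantiates free left-hand side variables with each constant, and checks that the union of the cover-sets of the split literals equals the cover-set of the original literal with x existential. The string-based term encoding, the fresh names u0, u1, ... for universally quantified right-hand side variables, and the BOTTOM sentinel are assumptions of this example.

```python
from itertools import product

DOMAIN = ("a", "b")   # the finite domain D = {a, b} of Example 8.1 (assumed encoding)
BOTTOM = "bottom"     # sentinel for the unsatisfiable constraint (assumption)

def is_var(t): return t not in DOMAIN          # terms are strings; non-constants are variables
def apply(terms, sigma): return tuple(sigma.get(t, t) for t in terms)

def instance_of(pattern, ground):
    """True iff the ground tuple is an instance of pattern (pattern variables bind)."""
    binding = {}
    for p, g in zip(pattern, ground):
        if is_var(p):
            if binding.setdefault(p, g) != g:
                return False
        elif p != g:
            return False
    return True

def nf_diseq(lhs, rhs):
    """Normalize one disequation lhs != rhs whose rhs variables are universal.
    Returns None if it always holds (drop it), BOTTOM if no instance satisfies it,
    else an equivalent one built from alternatives: (p, q) != (u, u) encodes p != q."""
    pairs, first = [], {}       # alternatives that must differ; first lhs term per rhs var
    for s, t in zip(lhs, rhs):
        s0 = first.setdefault(t, s) if is_var(t) else t   # what s would have to equal
        if s == s0:
            continue
        if not is_var(s) and not is_var(s0):
            return None         # two distinct constants: always satisfied
        pairs.append((s0, s))
    if not pairs:
        return BOTTOM           # rhs matches lhs, so every instance violates it
    new_lhs, new_rhs = [], []
    for k, (p, q) in enumerate(sorted(set(pairs))):
        if is_var(p) and is_var(q):
            new_lhs += [p, q]
            new_rhs += ["u%d" % k] * 2      # fresh universal variable (assumed name)
        else:
            v, c = (p, q) if is_var(p) else (q, p)
            new_lhs.append(v)
            new_rhs.append(c)
    return (tuple(new_lhs), tuple(new_rhs))

def nf(constraint):
    """NF for a conjunction of disequations: BOTTOM, or a duplicate-free list."""
    out = []
    for lhs, rhs in constraint:
        d = nf_diseq(lhs, rhs)
        if d is BOTTOM:
            return BOTTOM
        if d is not None and d not in out:
            out.append(d)
    return out

def free_lvars(clit):
    """Free left-hand side variables: in some lhs but not in the literal."""
    (_, args), pi = clit
    return sorted({t for lhs, _ in pi for t in lhs if is_var(t)} - set(filter(is_var, args)))

def elim_fv(clit):
    """elimFV of Section 8.4: instantiate a free variable with every constant,
    normalize, keep non-bottom results, repeat until no free variable is left."""
    todo, done = [clit], []
    while todo:
        (name, args), pi = todo.pop()
        fv = free_lvars(((name, args), pi))
        if not fv:
            done.append(((name, args), pi))
            continue
        x = fv[0]                                   # selectOne: smallest name
        for d in DOMAIN:
            pi2 = nf([(apply(lhs, {x: d}), rhs) for lhs, rhs in pi])
            if pi2 is not BOTTOM:
                todo.append(((name, apply(args, {x: d})), pi2))
    return done

def cover_set(clit):
    """gnd(L; pi): ground instances of L satisfying pi, free variables existential."""
    (name, args), pi = clit
    variables = sorted(set(filter(is_var, args)) | set(free_lvars(clit)))
    covered = set()
    for values in product(DOMAIN, repeat=len(variables)):
        delta = dict(zip(variables, values))
        if all(not instance_of(rhs, apply(lhs, delta)) for lhs, rhs in pi):
            covered.add((name, apply(args, delta)))
    return covered

# Example 8.1 (constructed from the page): Propagate on C2 gives the candidate
# (P(y, z); (x, y) != (v, v) and (x, z) != (w, w)) with x free on the left-hand side.
EXAMPLE_8_1 = (("P", ("y", "z")),
               [(("x", "y"), ("v", "v")), (("x", "z"), ("w", "w"))])

if __name__ == "__main__":
    print(sorted(cover_set(EXAMPLE_8_1)))      # P(a, a) and P(b, b)
    for lit in elim_fv(EXAMPLE_8_1):            # y != a, z != a   and   y != b, z != b
        print(lit, sorted(cover_set(lit)))
```

The normalization also shows the general case the paper's example does not: a repeated right-hand side variable over three positions, (x, y, z) ≠ (u, u, u), stays a single tuple disequation because it encodes the disjunction x ≠ y or x ≠ z.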


8.5 Picking the Next Decision 

When making a new decision, we pick a candidate $(L; \pi)$, remove all the already defined instances, and then test all immediate conflicts for blocking.

If there is a blocking conflict, we might then either pick an entirely new decision candidate, or try to fix $(L; \pi)$ by instantiating some variables in $L$, and thereby generating a new set of candidates.

This can be achieved by picking a blocking ground instance $C' = C\delta$ which contains $L\delta_1$ and $L\delta_2$ such that both $L\delta_1, L\delta_2 \in \mathrm{gnd}(L; \pi)$ and $L\delta_1 \neq L\delta_2$ hold.

Now, choose a variable $x$ for which $x\delta_1 \neq x\delta_2$, and split into $(L\{x \leftarrow x\delta_1\}; \pi\{x \leftarrow x\delta_1\})$ and $(L; \pi \wedge x \neq x\delta_1)$. By instantiating further variables, we eventually get a decision which is not blocking, since a ground decision is always suitable.

A non-blocking decision is then added to $\Gamma$, and whether we found a non-blocking conflict or not, we continue with conflict resolution or with calling PROP after generating the immediate propagation candidates in a similar way as in addConsequences.

Initially, the set of decision candidates is generated from the literals occurring in $N$. This set can later be refined by the above steps, and individual candidates might be substituted with sets of new candidates.

Since removing defined instances is always relative to the current $\Gamma$, it has to be guaranteed that the set of all possible candidates covers the original set. This can be ensured for example by keeping a trail for these refinement steps as well, and rolling them back in parallel with the backtracking procedure.

8.6 Ranking Literals 

Most current SAT solvers also employ variable selection schemes based on dynamic ranking of propositional variables. This technique rewards variables involved in recent conflicts, and has proved itself efficient in the propositional context.

Function addConsequences(N, U, Γ, ℓ', PQ)

    (L' · σ'; π') ← ℓ';
    // Step 1: Check Type-1 Conflicts
    foreach ℓ = (L · σ; π)^C ∈ PQ do
        if ∃δ = mgu(¬Lσ, L'σ') and NF(πδ ∧ π'δ) ≠ ⊥ and notEmpty(πδ ∧ π'δ) then
            conflictSet ← (C; σδ; πδ ∧ π'δ);
            return false;
        end
    end
    // Step 2: Adjust indexing level 1
    adjustLevel1(U, ℓ');
    // Step 3: Generate consequences
    foreach C ∈ getCandidates(N ∪ U, ℓ') do
        foreach derivation (C; ∅; ⊤)⁰ ⇒*_Γ (L*; σ*; π*)ⁱ with i ≥ 1 do
            // Check Type-2 Conflicts
            if i ≥ 2 then
                if ∃ℓ = (L · σ; π) ∈ Γ such that ∃δ = mgu(¬Lσ, L*σ*)
                        and NF(πδ ∧ π*δ) ≠ ⊥ and notEmpty(πδ ∧ π*δ) then
                    conflictSet ← (C; σ*δ; πδ ∧ π*δ);
                    return false;
                end
            end
            ℓ* ← (L* · σ*; π*)^C;
            if freeLVars(ℓ*) = ∅ then PQ ← PQ, ℓ*;
            else PQ ← PQ, elimFV(ℓ*);
        end
    end
    return true;

Following the footsteps of the now classic decaying variable sum, we reward 
the literals involved in the clause learning phase following the latest conflict. 

This is accomplished by maintaining a list of literals and scores. Whenever some literal $L$ is added to the clause of the intermediate state, we add a pair $(L; v)$ to this list.

To focus on recent conflicts, we increase $v$ gradually, and occasionally we reset $v$ to some initial value and normalize the list. The latter can be triggered upon reaching some extreme value, automatically after a certain number of conflicts, or at restarts.

Restarts are commonly used in SAT solvers to redirect the focus of the 
search using the learned clauses and the current variable scores. Applying it 
only finitely many times does not violate completeness. 

Then, whenever we need to choose a new decision, we rank the candidates by 
combining the scores belonging to literals which are unifiable with the candidate 
in question. As an example we propose addition or maximum. We then choose 
the literal with the highest combined score. 
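The ranking scheme of this subsection as an added Python example, not the paper's code: literals rewarded during conflict resolution get the current value of v, v grows geometrically and is normalized once it exceeds a limit, and a decision candidate is scored by combining, with addition or maximum, the scores of the stored literals unifiable with it. The literal encoding (sign, predicate, argument strings with capitalized variables), the growth factor and the constructed scenario are assumptions of this example.

```python
from functools import reduce
from operator import add

def is_var(t):
    """BS terms are strings; a capitalized name is a variable (assumed convention)."""
    return t[0].isupper()

def rename_apart(lit):
    """Rename the variables of a literal so it shares none with another literal."""
    sign, pred, args = lit
    return (sign, pred, tuple(t + "'" if is_var(t) else t for t in args))

def unifiable(l1, l2):
    """mgu existence for two BS literals (sign, predicate, args): without function
    symbols it suffices to merge argument classes and reject two distinct constants."""
    l2 = rename_apart(l2)
    if l1[0] != l2[0] or l1[1] != l2[1] or len(l1[2]) != len(l2[2]):
        return False
    parent = {}                      # union-find over terms; constants stay roots

    def find(t):
        while t in parent:
            t = parent[t]
        return t

    for a, b in zip(l1[2], l2[2]):
        ra, rb = find(a), find(b)
        if ra == rb:
            continue
        if is_var(ra):
            parent[ra] = rb
        elif is_var(rb):
            parent[rb] = ra
        else:
            return False             # two different constants would have to be equal
    return True

class LiteralRanking:
    """Literal scores for decision selection, following Section 8.6."""

    def __init__(self, growth=1.05, limit=1e100):
        self.scores = []             # list of (literal, score) pairs
        self.v = 1.0                 # current reward; grows so recent conflicts weigh more
        self.growth, self.limit = growth, limit

    def reward(self, lit):
        """Call whenever lit is added to the clause of an intermediate state."""
        self.scores.append((lit, self.v))
        self.v *= self.growth
        if self.v > self.limit:
            self.normalize()

    def normalize(self):
        """Reset v to its initial value and rescale the stored scores accordingly."""
        self.scores = [(l, s / self.v) for l, s in self.scores]
        self.v = 1.0

    def combined(self, candidate, combine=max):
        """Combine (addition or maximum) the scores of stored literals unifiable with candidate."""
        hits = [s for l, s in self.scores if unifiable(l, candidate)]
        return reduce(combine, hits, 0.0)

    def pick(self, candidates, combine=max):
        """Choose the candidate with the highest combined score."""
        return max(candidates, key=lambda c: self.combined(c, combine))

# Constructed scenario: three literals entered intermediate clauses during one
# conflict resolution (rewarded in this order) and three decision candidates.
RANKING = LiteralRanking()
for lit in [("+", "P", ("X", "a")), ("+", "P", ("b", "Y")), ("-", "Q", ("X",))]:
    RANKING.reward(lit)
CANDIDATES = [("+", "P", ("Z", "W")), ("+", "P", ("a", "Z")), ("-", "Q", ("c",))]

if __name__ == "__main__":
    print(RANKING.pick(CANDIDATES, max))   # ('-', 'Q', ('c',)): single most recent hit wins
    print(RANKING.pick(CANDIDATES, add))   # ('+', 'P', ('Z', 'W')): two older hits add up
```

The two combination functions pick different candidates on the same scores, which is why the choice between addition and maximum matters.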

8.7 Clause Learning and Backjumping

As the conflicts are now discovered, every conflict-set uniquely assigns a $\Gamma$-assignment to each literal of the conflict clause. This makes detecting assertiveness easy and spares us a number of emptiness checks, as they are already done during conflict detection. This way, the only non-deterministic choice is the application of Factorize versus Resolve, when both are applicable.

Once a new clause is learned, a suitable backtrack level is needed. Should we learn only the ground clauses in $\mathrm{gnd}(C\sigma; \pi)$ when the last conflict-set is $(C; \sigma; \pi)$, we could determine the backtrack position at ease, similarly to the propositional solvers.

But we learn the more general $C$, and the right backtrack position has to be computed from all the instances of $C$. We have to consider all conflicting instances of $C$ w.r.t. $\Gamma$, and for each instance, we have to determine a minimal backtrack position. Then, we backjump to the minimum of these positions.

Without providing more details, we only note that some instances produce new assignments after backtrack, some might block existing decisions, and some might even be new conflicts after backjump.


9 Related Work 

In this section, we briefly compare NRCL to existing solutions. As Bernays-Schönfinkel problems can be successfully handled with finite model finders as well, we cover both BS-specific techniques and more general finite model building approaches. In the case of the latter systems, we focus on their behavior on the Bernays-Schönfinkel fragment.

The first successful approaches to finite model building were Mace and SEM, see e.g. [39]. The early version of Mace flattens and grounds the given clause set, and passes it on to a CDCL-based SAT solver. This approach is developed further by Paradox [?].
Compared to this approach, we work directly with the first-order clause set instead of the often exponentially larger set of ground instances.

The latest version of Mace [55] follows the approach of SEM [35] and 
FINDER [37]. Instead of generating the ground instances, it maintains the 
function and predicate tables, and fills them out using a sophisticated back¬ 
tracking algorithm. 

Compared to this approach, we represent the model implicitly via con¬ 
strained literals, and let the learned clauses guide our calculus. 

Over the last decade several attempts were made to lift CDCL and its ancestor DPLL, a calculus using backtracking instead of backjumping and clause learning. Model Evolution [7] and its implementation Darwin [5] represent a model with a set of first-order literals, called a context, and detect conflicts using syntactic concepts weaker than the full-fledged semantics based on the induced interpretation. This potentially leads to longer derivations before detecting a false clause.

It is refutationally complete over first-order clauses and provides a decision 
procedure for the Bernays-Schonfinkel fragment. Its extension [5] enriches the 
calculus with learning lemmas at conflicts, and uses backjumping instead of the 
original backtracking approach. 

Compared to Model Evolution, NRCL relies on the full-fledged semantics, and we learn only non-redundant clauses. It is not clear if the latter holds for Model Evolution; especially the admissibility of the classic criteria needs in-depth consideration.

Finally, it was shown in [?] that using contexts might result in exponentially larger model representations. We note that this result holds for the general case with function symbols, but in our setting e.g. the constrained literal
$$(P(x_1, x_2, \ldots, x_k);\; x_1 \neq x_2 \wedge x_2 \neq x_3 \wedge \cdots \wedge x_{k-1} \neq x_k)$$
whose size is $O(k)$, requires a representation of size at least $O(k^2)$ as a context. Thus, at least a quadratic relation holds even for the Bernays-Schönfinkel fragment.

DPLL(SX) [34] attempts to lift CDCL to BS in the same manner as we do, 
has an almost identical rule set, and uses substitution sets represented by BDDs 
as constraints. Substitution sets provide an explicit way to represent models. 

It is well-known that in the general setting with function symbols implicit representations have stronger expressive power [33] [?]. In our setting, explicit representations have the potential to be exponentially larger than the corresponding implicit representations.

The following simple example demonstrates this claim. Over $D = \{a, b, c\}$, consider the constrained literal
$$(P(x_1, x_2, \ldots, x_k);\; x_1 \neq x_2 \wedge x_2 \neq x_3 \wedge \cdots \wedge x_{k-1} \neq x_k)$$
Then it is easy to see that the corresponding explicit representation is made up of all the ground instances covered by this literal.

Therefore, while the size of the implicit representation increases linearly in $k$, the size of the corresponding explicit representation is $O(2^k)$, i.e. it increases exponentially in $k$.

The authors of this paper are convinced that this exponential blow-up happens whenever the implicit representation has no finite explicit representation (see [53] [53] for details) in the language enriched with a function symbol. However, this conjecture needs further consideration, and we leave it for future work.

Furthermore, compared to DPLL(SX) our approach is more modular as 
it allows the use of an arbitrary constraint language, restricted only by the 
operations we expect. Dismatching constraints can be extended beyond the 
Bernays-Schonfinkel fragment easily, while in the case of BDD-encodings, it is 
not trivial. 

DPLL(SX) also lacks the concept of blocking, and applies an explicit refine rule instead. As a side effect, it learns nothing from conflicts which lead to blocking clauses; in these cases it abandons conflict resolution and refines the last decision. Finally, we also address redundancy, and exploit the non-redundancy result to show termination, which we consider a valuable addition.

The most recent calculus SGGS, introduced in [5], promises a semantically guided, goal-sensitive, model-based proof system. It uses simple constraints, so-called standard forms: conjunctions of negative atomic constraints of the form $x \neq y$ or $\mathrm{top}(x) \neq f$.

Then, a model is represented by a sequence of constrained clauses with selected literals. This sequence overrides a given initial interpretation $I$, which serves both as initial model assumption and as semantic guidance for the calculus.

The procedure then keeps expanding this sequence in order to satisfy more and more clauses, and handles contradictions via resolution and splitting the constrained clauses to maintain an invariant: every literal in every clause in the sequence must have either only false, or only true instances w.r.t. $I$ and the constraints.

NRCL utilizes a more expressive constraint language, which allows tuples to be used. This results in less fragmentation of the representation, i.e. SGGS might need several constraints in standard form to express a single dismatching constraint of our calculus.

This allows us to learn more general clauses, and also potentially decreases the size of the representation. Our model representation relies on constrained literals instead of clauses, and we consider it to be more explicit than the approach of SGGS, which requires identifying the constrained instances of the clauses which are indeed producing new assignments.

Finally, the resolution applied by SGGS only repairs the model; it can be discarded later as the search progresses, and the splittings applied to maintain the invariants also force the result of resolution to be more specific, more local. Compared to this, our calculus learns and saves new clauses, uses backjumping, and we proved these clauses to be non-redundant.

We also mention geometric resolution [?], which uses a special normal form called geometric normal form. In this calculus the formulas themselves constitute the rules of a system based on backtracking. Through the inference geometric resolution it also provides a way to learn new formulas. The transformation to geometric normal form also includes flattening, which our approach avoids.

The calculus Inst-Gen [?] and its implementation iProver [?] have been quite successful at solving Bernays-Schönfinkel problems, and competitive even for the first-order fragment. It generates a propositional approximation of the clause set by instantiating all the variables with constants, and passes it on to a CDCL-based SAT solver.

Unsatisfiability of the approximation entails the unsatisfiability of the original problem. On the other hand, if an abstract model is generated, it is used to guide the calculus to add proper instances of the original clauses, which refines the propositional abstraction.

This procedure then continues until either unsatisfiability is proven, or saturation is achieved, which implies that the abstract model can be lifted to a first-order model for the original clause set.

The algorithm is further enhanced by using dismatching constraints, and applying redundancy elimination based on generating first-order resolvents for subsumption with a theorem prover, and finding simplification candidates efficiently with ground reasoning.

Compared to iProver, our approach is fine-grained, as the evaluation and 
refinement of our abstraction happen interleaved with the other reasoning steps. 
Furthermore, we work directly with the original clause set, and our trail always 
corresponds to a consistent first-order model candidate. 

In addition to the theoretical comparison, we also ran a small experiment for models represented by literals of the form $(P(x_1, \ldots, x_k);\ x_1 \neq x_2, \ldots, x_{k-1} \neq x_k)$. The clause set

$$Q(x, x),\ \neg Q(a_1, a_2),\ \neg Q(a_2, a_3),\ \ldots,\ \neg Q(a_{n-1}, a_n),$$

$$\neg P(x_1, x_1, x_3, \ldots, x_k),\ \ldots,\ \neg P(x_1, x_2, \ldots, x_{k-1}, x_{k-1}),$$

$$\neg Q(x, z) \vee Q(x, y) \vee Q(y, z),\ P(x_1, \ldots, x_k) \vee Q(x_1, x_2) \vee \ldots \vee Q(x_{k-1}, x_k)$$

has a model where the positive atoms are represented by the constrained literals $(P(x_1, \ldots, x_k);\ x_1 \neq x_2, \ldots, x_{k-1} \neq x_k)$ and $(Q(x, x);\ \top)$. NRCL directly finds this model, i.e. without backjumping even once, by exhaustively applying propagation, making a single decision on $P(x_1, \ldots, x_k)$ and finally setting all undefined $Q(x, y)$ literals to false. Furthermore, any regular run would find a similar model without backjumping even once.

We tested this clause set with the available state-of-the-art provers Darwin (1.4.5) and iProver (0.8.1). The experiments were carried out on a Debian Linux (4.7.2-5) Intel (Xeon E5-2680, 2.7 GHz) computer with 256 GB physical memory. For n = 7 and k = 5, 7, 9, Darwin needs 0.2, 8.1, 518 seconds to find a model, respectively. For k = 7 and n = 7, 10, 13, Darwin needs 8.1, 62, 347 seconds to find a model, respectively. For k = 9 and n = 7, 10, 13, 16, 19, 22, iProver needs 0, 0.2, 21, 39, 116, 718 seconds to find a model, respectively.

In the case of Darwin, these results show an exponentially growing solution 
time w.r.t. k (the arity of P) or n (the domain size). iProver is robust against 
increasing k but not against increasing n, where it also shows an exponential 
growth. This shows that our model representation is not subsumed by either 
Darwin or iProver. 

Finally, even general purpose first-order theorem provers implement specialized techniques to handle Bernays-Schönfinkel problems.

Generalisation, introduced in [31] for Vampire, is an additional technique for resolution-based saturation. It infers $P(x)$ if $P(c)$ has been established for all relevant constants $c$. Coupled with efficient sort inference, it has the potential to exponentially speed up theorem proving.

The technique introduced in [?] for SPASS employs a combination of restricted superposition on Horn clauses, and labelled splitting [15] on non-Horn clauses.
Compared to these approaches, NRCL maintains a model candidate, is restricted to learning clauses only at conflicts and only non-redundant ones, does not rely on Horn clauses, and its implicit branchings through decisions and backjumps are more elaborate and guided by the model search than the splitting techniques employed by first-order theorem provers. However, we note that for some problem classes finite superposition saturation is still superior to explicit model generation, see e.g. superposition for knowledge bases in [38].


10 Conclusion 

In this paper, we proposed the decision procedure NRCL for the Bernays-Schönfinkel fragment. Our approach represents a model candidate as a set of constrained literals, and derives a model or a proof of unsatisfiability through a series of decisions, propagations, and learning new clauses.

Our work closely relates to DPLL(SX) [34], which introduces a similar calculus, and the more recent calculus SGGS [5]. Compared to earlier work in this direction, we investigated the standard redundancy notion w.r.t. the ordering induced by the current trail.

One of the main contributions of NRCL over existing work is that, by design, 
we can prove our learned clauses to be non-redundant, i.e., any learned clause 
makes progress towards finding a model or a refutation, because it eliminates 
at least one potential model. In general, we consider this a key property for 
automated reasoning calculi. 

Projecting NRCL down to propositional logic proves this property for CDCL 
with respect to our notion of redundancy. Our notion also admits techniques 
like subsumption and subsumption resolution, which are important in both SAT 
solving and first-order theorem proving. We see this as a strong indication that 
a future implementation will also contribute to the state of the art. 

In Section 8, we addressed some of the difficulties of this approach, and 
provided details for implementation. Finally, we gave a brief comparison to the 
existing solutions in Section 9. 

As future research, the immediate goal is to make an efficient implementation of NRCL. This includes developing suitable and efficient term indexing structures, possibly revising the constraint language, and defining concrete and efficient heuristics for selecting decisions.

On the other hand, the long-term goal of our research is to extend this calculus beyond Bernays-Schönfinkel. The next step in this direction is to enrich our calculus with function symbols and sorts to handle the non-cyclic fragment introduced in [23]. This class still has the finite Herbrand model property, thus, our results will directly extend to this fragment.

The further goals are to consider other decidable fragments, to introduce equality into our calculus, and finally to extend our work to finite model finding.